Home » Creating Custom Groups
 

Custom Groups

Custom Groups

Endpoint Central allows IT admins to group their resources with it's custom group feature, wherein a group can be created either manually or automatically by populating resources from AD Objects. Custom groups can be created to automate certain tasks to be performed on pre-defined targets, thus bringing in a great degree of efficiency. The advantages of custom groups are:

  1. You can have any number of custom groups to group computers and users of a specific department.

  2. You can add or remove users/computers from groups at any point of time.

  3. Groups once created can be used in any number of configurations.

  4. Creating unique custom groups, will leverage user management by defining specific scope (unique custom Groups) to specific users.

  5. Custom groups with computers or users that belong to different domains and workgroups can be created. For configurations that have to be deployed to computers or users belonging to different domains and workgroups, this custom group can be used.

  6. In version 10.0.598 and above, custom groups can be created by technicians with write permission for deployment activities. However these custom groups can be created only on the basis of computers and not users. The managed computers can be filtered by the created custom groups using custom group Filters.

  7. In version 11.2.2331.01 and above, custom groups can be created from Active Directory groups. Replicate organizational structure as exists in the Active Directory into the scope of the product, instead of repeating the process of defining individual groups to perform tasks such as patching, software deployment etc. Predefined objects in the AD will be created and reflected as different groups in the product.

 

Grouping of resources can be done in three different ways according to your needs:

Computer

Custom groups can be created by grouping the managed computers in three different ways as follows:

Static

Static groups can be defined when you have a definite set of computers or AD group targets from a single or different domains to be added. These groups are created as targets, for various tasks. A computer can be a part of more than one static custom group. Static custom groups can be created in the following ways:

Manual

Manual custom groups can be created by any technician with deployment access by choosing the required managed computers to the custom group. Manual groups are not altered without user intervention. To create a static custom group in manual mode, navigate to Admin > Custom groups > Create new group > computer > Choose static category option > Choose the assign manually membership option. To ease the process of manually grouping the managed computers, the managed computers can be selected using:

  1. The list of managed computers with computer and domain name search filter.
  2. manual cg

  3. The tree view structure of domains.
  4. manual cg

  5. Import csv option.The csv should contain the name of the computer followed by the domain name as explained below: [Computer Name,Domain Name (Eg: system101,companyorg)]

manual cg

AD Groups

Static custom groups can also be created by admnistrators directly by choosing the pre-existing subgroups from the AD. All the available groups under the AD will be listed in the product, and the necessary groups can be selected and created into a separate custom group. Existing subgroups in the selected objects of the AD will be created as individual custom groups (if they aren't already a custom group in the product), with the following naming pattern: AD Group Name - Parent OU - Domain. In the case that the provided name already exists, sequential numbers will be added at the end. [Eg: AD Group Name - Parent OU - Domain (1)]. AD Groups based static custom groups are automatically updated when the domain sync is completed. To create an AD Group based static custom group, navigate to Admin > Custom groups > Create new group > computer > Choose static category option > Choose the AD Groups membership option

manual cg

Static Unique

A static unique group is a static custom group, where the computers belonging to this group cannot be added to any other groups. Computers added to a static unique group once will not be listed when you try to create another group of the same kind. The main purpose of creating a static unique group is to associate these groups as Scope for the users. All the privileges to manage this group can be defined only by the administrator. Static unique custom groups can be created in the following ways:

Manual

Manual static unique groups can be created by the administrators by choosing the required managed computers to the custom group. Manual groups are not altered without user intervention. To create a static unique custom group in manual mode, navigate to Admin > Custom groups > Create new group > computer > Choose static unique category option > Choose the assign manually membership option. To ease the process of manually grouping the managed computers, the managed computers can be selected using:

  1. The list of managed computers with computer and domain name search filter.
  2. The tree view structure of domains.
  3. Import csv option.The csv should contain the name of the computer followed by the domain name as explained below:
    [Computer Name,Domain Name (Eg: system101,companyorg)]

Domain/Organizational Unit

The creation of static unique custom groups can also be done by syncing the AD with Endpoint Central. By selecting the Domain/Organizational Unit (OU) while creating the static unique group, all the computers listed under that domain/OU will be associated into that static unique group. If a computer already exists in another group, it will not be added to the new static unique group. Only one particular Domain/OU can be mapped to a custom group. Sub OUs in the selected OU of the AD will be created as individual custom groups (if they aren't already a custom group in the product), with the following naming pattern: AD OU - Parent OU - Domain The Sub-OU based CGs will be mapped to the parent OU CGs. To create a static unique custom group in manual mode, navigate to Admin > Custom groups > Create new group > computer > Choose static unique category option > Choose the Domain /Organization unit membership option.

manual cg

Dynamic

A dynamic custom group can be created by any technician withdeploye a set of rules or criteria. Based on the defined criteria, the computers get automatically included in this group. Any new computers matching the criteria will automatically get added to this group. The computers belonging to this group are generated only during the execution configuration. Currently, we only support Windows and Mac devices. The defined queries will be applied, and the result will be published as the dynamic custom group. To create a dynamic custom group, navigate to Admin > Custom groups > Create new group > computer > Choose dynamic category option.

manual cg

Dynamic Groups can be created based on various criteria like:

  1. Computer - Name, Type
  2. Operating System - version, Type
  3. Device - Model, Manufacturer
  4. Processor - Architecture, Type
  5. Service Pack
  6. Software - Name, Version
  7. IP - Address, Range
  8. TPM - Status, Version
  9. Bios Version
  10. Firmware Type
  11. Domain
  12. Remote Office
  13. Script
  14. Bitlocker Encryption Status

User

Similar to computers, Active Directory (or) workgroup users can also be grouped using custom groups. Currently, we support static category user custom groups only.

manual cg

Static

Static user groups can be defined when you have a definite set of users from a single or different domains to be added. These groups are created as targets, for various tasks. A user can be a part of more than one static custom group. To create a static user custom group, navigate to Admin > Custom groups > create new group > User. To ease the process of manually grouping the users, the managed users can be selected using:

  1. The list of users with user and domain name search filter.
  2. manual cg

  3. The tree view structure of domains.
  4. manual cg

  5. Import csv option.The csv should contain the name of the computer followed by the domain name as explained below:
    [User Name,Domain Name (Eg: administrator, companyorg)]
  6. manual cg

Sync Settings

Custom groups can be created automatically using Active Directory objects by configuring the sync setting as follows:

  1. Navigate to the Admin tab > Global Settings > Custom Group.
  2. Choose the Sync Settings tab and click on the Add AD Path button.
  3. manual cg

  4. Choose where the sync has to happen from, by clicking on the AD Groups and Organizational Unit checkbox. The AD Groups and subgroups in the selected AD path will be created as individual static groups while the parent and child OUs will be created as static unique groups.
  5. Select the applicable Group Name Format from the drop list.
  6. Select the required AD Path.
  7. After the necessary actions have been performed, click Preview and Save.

You have now automated custom group creation from the Active Directory.

Note: A sync between the AD and Endpoint Central happens every day at particular time intervals (can be configured by the administrator). To reflect the AD changes immediately in the product, the sync can be initiated manually as well. The maximum number of tries for manual sync between the product and the Active Directory is limited to 4 times a day.

Custom Group Settings

Custom group settings allow an administrator to provide access to all the custom groups created by administrators to all technicians handling the various scope of computers for deploying patches, applications, and configurations. Both user and computer sharing options are provided for administrators to choose the required sharing option. Custom groups created by administrators can be viewed and accessed by a technician only when the custom group settings are enabled. To enable custom group settings, navigate to Admin > Custom groups > Settings.

manual cg

  1. A technician can view only the computers in a custom group that are a part of his scope.
  2. Any technician can create multiple custom groups with the computers under his scope.
  3. A custom group created by an administrator cannot be viewed by a technician if the setting is disabled.
  4. Custom group settings can be modified only by admnistrators.