Endpoint Central allows IT admins to group their resources with it's custom group feature, wherein a group can be created either manually or automatically by populating resources from AD Objects. Custom groups can be created to automate certain tasks to be performed on pre-defined targets, thus bringing in a great degree of efficiency. The advantages of custom groups are:
You can have any number of custom groups to group computers and users of a specific department.
You can add or remove users/computers from groups at any point of time.
Groups once created can be used in any number of configurations.
Creating unique custom groups, will leverage user management by defining specific scope (unique custom Groups) to specific users.
Custom groups with computers or users that belong to different domains and workgroups can be created. For configurations that have to be deployed to computers or users belonging to different domains and workgroups, this custom group can be used.
In version 10.0.598 and above, custom groups can be created by technicians with write permission for deployment activities. However these custom groups can be created only on the basis of computers and not users. The managed computers can be filtered by the created custom groups using custom group Filters.
In version 11.2.2331.01 and above, custom groups can be created from Active Directory groups. Replicate organizational structure as exists in the Active Directory into the scope of the product, instead of repeating the process of defining individual groups to perform tasks such as patching, software deployment etc. Predefined objects in the AD will be created and reflected as different groups in the product.
Grouping of resources can be done in three different ways according to your needs:
Custom groups can be created by grouping the managed computers in three different ways as follows:
Static groups can be defined when you have a definite set of computers or AD group targets from a single or different domains to be added. These groups are created as targets, for various tasks. A computer can be a part of more than one static custom group. Static custom groups can be created in the following ways:
Manual custom groups can be created by any technician with deployment access by choosing the required managed computers to the custom group. Manual groups are not altered without user intervention. To create a static custom group in manual mode, navigate to Admin > Custom groups > Create new group > computer > Choose static category option > Choose the assign manually membership option. To ease the process of manually grouping the managed computers, the managed computers can be selected using:
Static custom groups can also be created by admnistrators directly by choosing the pre-existing subgroups from the AD. All the available groups under the AD will be listed in the product, and the necessary groups can be selected and created into a separate custom group. Existing subgroups in the selected objects of the AD will be created as individual custom groups (if they aren't already a custom group in the product), with the following naming pattern: AD Group Name - Parent OU - Domain. In the case that the provided name already exists, sequential numbers will be added at the end. [Eg: AD Group Name - Parent OU - Domain (1)]. AD Groups based static custom groups are automatically updated when the domain sync is completed. To create an AD Group based static custom group, navigate to Admin > Custom groups > Create new group > computer > Choose static category option > Choose the AD Groups membership option
A static unique group is a static custom group, where the computers belonging to this group cannot be added to any other groups. Computers added to a static unique group once will not be listed when you try to create another group of the same kind. The main purpose of creating a static unique group is to associate these groups as Scope for the users. All the privileges to manage this group can be defined only by the administrator. Static unique custom groups can be created in the following ways:
Manual static unique groups can be created by the administrators by choosing the required managed computers to the custom group. Manual groups are not altered without user intervention. To create a static unique custom group in manual mode, navigate to Admin > Custom groups > Create new group > computer > Choose static unique category option > Choose the assign manually membership option. To ease the process of manually grouping the managed computers, the managed computers can be selected using:
The creation of static unique custom groups can also be done by syncing the AD with Endpoint Central. By selecting the Domain/Organizational Unit (OU) while creating the static unique group, all the computers listed under that domain/OU will be associated into that static unique group. If a computer already exists in another group, it will not be added to the new static unique group. Only one particular Domain/OU can be mapped to a custom group. Sub OUs in the selected OU of the AD will be created as individual custom groups (if they aren't already a custom group in the product), with the following naming pattern: AD OU - Parent OU - Domain The Sub-OU based CGs will be mapped to the parent OU CGs. To create a static unique custom group in manual mode, navigate to Admin > Custom groups > Create new group > computer > Choose static unique category option > Choose the Domain /Organization unit membership option.
A dynamic custom group can be created by any technician withdeploye a set of rules or criteria. Based on the defined criteria, the computers get automatically included in this group. Any new computers matching the criteria will automatically get added to this group. The computers belonging to this group are generated only during the execution configuration. Currently, we only support Windows and Mac devices. The defined queries will be applied, and the result will be published as the dynamic custom group. To create a dynamic custom group, navigate to Admin > Custom groups > Create new group > computer > Choose dynamic category option.
Dynamic Groups can be created based on various criteria like:
Similar to computers, Active Directory (or) workgroup users can also be grouped using custom groups. Currently, we support static category user custom groups only.
Static user groups can be defined when you have a definite set of users from a single or different domains to be added. These groups are created as targets, for various tasks. A user can be a part of more than one static custom group. To create a static user custom group, navigate to Admin > Custom groups > create new group > User. To ease the process of manually grouping the users, the managed users can be selected using:
Custom groups can be created automatically using Active Directory objects by configuring the sync setting as follows:
You have now automated custom group creation from the Active Directory.
Note: A sync between the AD and Endpoint Central happens every day at particular time intervals (can be configured by the administrator). To reflect the AD changes immediately in the product, the sync can be initiated manually as well. The maximum number of tries for manual sync between the product and the Active Directory is limited to 4 times a day.
Custom group settings allow an administrator to provide access to all the custom groups created by administrators to all technicians handling the various scope of computers for deploying patches, applications, and configurations. Both user and computer sharing options are provided for administrators to choose the required sharing option. Custom groups created by administrators can be viewed and accessed by a technician only when the custom group settings are enabled. To enable custom group settings, navigate to Admin > Custom groups > Settings.