IT Management Suite

  • 1.  Scoped security and provisioning process

    Posted Nov 15, 2011 09:40 AM

    All,

    From my understanding, the best practice for scoped security is to create an automation policy to move resources into an organizational view and then assign permissions to a role to only be able to access that organizational view.

     

    While this works fine and dandy, my users have noticed something.

     

    Since I am only running my automation policy once a day, machines that are newly provisioned are not available for viewing as a scoped-role-enabled user until this task runs.

     

    Is my only solution to run the automation policy once an hour?



  • 2.  RE: Scoped security and provisioning process

    Posted Nov 15, 2011 10:33 AM

    That is what we do. We simply accelerated the automation policy to occur every hour. To ensure the load on the server was appropriate, I added a WHERE clause in the SQL statement to only move objects that had a 'createddate' in the last hour. I leveraged vcomputer for that.

    I suppose there are other suggestions, but this is what worked best in our environment.



  • 3.  RE: Scoped security and provisioning process

    Posted Nov 15, 2011 10:57 AM

    Hi SilentCastle and MonitorMan

    Hopefully we are able to use the "Computer Group" Field in the pre-definedComputer.csv file in the next Release of Deployment Server.

    I'm positive on this because on the Feature list of DS 7.1 SP2 there are notes about this: "Import and use all data within pre-defined computer spreadsheet".

    Network23



  • 4.  RE: Scoped security and provisioning process

    Posted Nov 15, 2011 11:51 AM

    MonitorMan,

     

    Sounds like a great idea. Do you mind sharing your SQL code? I could repurpose that.

     



  • 5.  RE: Scoped security and provisioning process

    Posted Nov 16, 2011 04:08 PM

    You could scope all users to always be able to access new computers, or scope for unassigned computers.  This would ensure they had access 100% of the time.  You could also accelerate your automation policy to prevent the "extra" scope from existing for too long.