How to assign DLP endpoint agents to groups automatically by machine name

Article ID: 200674

Updated On:

Products

Data Loss Prevention Enforce, Data Loss Prevention Endpoint Prevent

Issue/Introduction

You wish to automate the process of adding machines to endpoint agent groups based on all or part of their machine name as referenced in Active Directory.

Environment

Release: 16.0, 15.x, Windows Endpoints.

Resolution

Here's an outline of how to get an endpoint agent group assigned automatically by machine name.

1. Create the machine attribute: in Agent Groups, click the Manage Agent Attribute link.

2. Create a new machine domain attribute and use the query from the example below:

(&(objectCategory=Computer)(name=$AgentHostName$))


3. Next, create a new agent group and select the attribute you just created in the drop-down. Then enter a machine name with a wildcard, as in the example below.


Once selected, the drop-down will create a new text box.

In this example, all machine names starting with 'WIN' will be included in the group.

4. Save and assign a configuration setting to the group in the normal way.

5. On your test agent, shut down and restart the agent to force it to check in. Verify that it's assigned to the correct group.

Additional Information

Endpoint agent group assignments are prioritized in the following order:

1.  Group with Endpoint computer hostname ("Always include these agents"…)
2.  Group with Endpoint Server name
3.  Group with Agent Attributes and condition is satisfied
4.  Default Group (if none of the above matches)

Wildcards are not supported in the "Always include these hosts" condition field. The "Always include these hosts" condition field is OR'd with other agent group conditions.

Wildcard evaluation is only done for attribute fields at the Endpoint Prevent server in the agent group engine and not for the agent hostname list.

The wildcard character ( * ) can be used in attribute-based conditions to specify multiple values. For example, "Test*" matches both "Tester" and "Testing".
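The following Python sketch is an added illustration, not Symantec DLP code. It models the priority order and wildcard rules above so you can predict which group a machine will land in before rolling out a naming-based group. The group names, server names, the attribute name "MachineName", case-sensitive comparison, and first-listed-group-wins within a tier are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    hosts: list = field(default_factory=list)  # "Always include" list: literal names only
    server: str = None                         # Endpoint Server name condition
    attr: tuple = None                         # (attribute name, value; '*' allowed)

def wildcard_match(pattern, value):
    """'*' matches any run of characters; every other character is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def assign_group(agent, groups, default="Default Group"):
    # 1. Hostname list: exact comparison, so a '*' here never acts as a wildcard.
    for g in groups:
        if agent["hostname"] in g.hosts:
            return g.name
    # 2. Endpoint Server name.
    for g in groups:
        if g.server is not None and g.server == agent["server"]:
            return g.name
    # 3. Agent attribute condition, evaluated with wildcard support.
    for g in groups:
        if g.attr:
            key, pattern = g.attr
            if key in agent["attrs"] and wildcard_match(pattern, agent["attrs"][key]):
                return g.name
    # 4. Nothing matched.
    return default

# Constructed sample data (hypothetical names).
GROUPS = [
    Group("Workstations", attr=("MachineName", "WIN*")),
    Group("Site-A", server="endpoint-a.example.test"),
    Group("Pilot", hosts=["WIN-PILOT01", "LAB*"]),
]

def agent(hostname, server):
    return {"hostname": hostname, "server": server, "attrs": {"MachineName": hostname}}

if __name__ == "__main__":
    for host, srv in [("WIN-PILOT01", "endpoint-a.example.test"),
                      ("WIN-HR-07", "endpoint-a.example.test"),
                      ("WIN-HR-08", "endpoint-b.example.test"),
                      ("LAB-22", "endpoint-b.example.test")]:
        print(host, "->", assign_group(agent(host, srv), GROUPS))
```

In this model, LAB-22 falls through to the default group because the "LAB*" entry sits in the hostname list, where it is compared literally. WIN-HR-07 lands in Site-A rather than Workstations because the server-name condition outranks the attribute condition.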