The Groups Page

Use this page to control groups. The functions from many other Ivanti Endpoint Security pages are available from this page (the Endpoints page, the Users and Roles page, and so on). However, the functions performed on the Groups page pertain primarily to the selected group's endpoints.

Groups are selected from the Browser, a Groups page pane. The browser displays an expandable tree that lists parent and child groups. From this browser, you can access group information by clicking a group. Information for the selected group displays in the main pane.

Unlike most other Ivanti Endpoint Security pages, which are organized by tabs, the Groups page is organized by views, which are selectable from the View list. The information displayed for a selected group changes according to view.

The views are:

The Groups Page Browser

Interact with all groups in Ivanti Endpoint Security by using the Groups page Browser, which organizes your groups into a tree hierarchy.

You can interact with the Browser in a variety of ways:

  • You can expand the group hierarchy by clicking the triangle.
  • You can collapse the group hierarchy by clicking click the triangle again.
  • You can interact with a group by selecting it and using the Groups page features.
  • You can create a new group, add endpoints to the selected group, or change views for the selected group by right-clicking it and making a selection from the menu.
  • You can drag and drop custom groups by dragging the custom groups icon (not the group name) into another group.

Note: Remember a couple of thing when you are dragging and dropping groups:

  • You can't drag a group down within its own child hierarchy. Groups can be moved to other group hierarchies however.
  • If you drag a group with a child hierarchy into another group, the child hierarchy gets moved as well.
  • If the group you are moving is inheriting Agent Policy Sets, moving that group will change the policies it inherits. Before moving the group, check what Agent Policy Sets the group is inheriting, because moving a group without understanding its inherited policies can result in big changes to endpoint behavior!

Group Hierarchy

Within the Groups page Browser, groups are organized into a tree hierarchy. This hierarchy creates a structure similar to a family tree. This structure allows you to aggregate group membership and settings through inheritance. Familiarize yourself with examples of group hierarchy in this topic to understand how groups impact endpoint group membership and settings.

Root GroupIn the Ivanti Endpoint Security group tree structure, the root group is the group of origin, which has no parents or ancestors. Within Ivanti Endpoint Security, My Groups is the root group, and all other groups are its descendent.

Parent Group: A parent group is a group that is one branch higher in the tree than the groups below it. In the figure above, Group A is parent of Group A1, Group A2, and Group A3. A parent group can have multiple child groups, and these children inherit the parent group settings.

Child Group: A child group is a group that is one branch lower in the tree than its parent. In the figure above, Group A1 is the child of Group A. Each child group can only have one parent, and the child group inherits its parent settings by default.

Sibling Groups Sibling groups are groups that share a parent group. In the figure above, Group A and Group B are siblings. Any group can have zero, one, or more siblings.

Ancestor Groups: Ancestors groups are all the groups above a group in the tree hierarchy for a single lineage. In the figure above, Group A1 has ancestor groups of Group A, Custom Groups, and My Groups. Group B is not an ancestor group for Group A1.

Descendent Groups: Descendent groups are all the groups below a group in the tree hierarchy. In the figure above, Customs Groups has descendants in Group A (and all its child groups) and Group B (and all its child groups).

Leaf Group: A leaf group is a group that has no children. In the figure above, Group A1 is a leaf group.

Inheritance: Inheritance is the mechanism that allows groups to aggregate endpoint membership and settings.

  • Endpoint membership is inherited up the tree. For example, endpoints added to Group A3 are aggregated to with the endpoints directly assigned to Group A.
  • Settings (such as mandatory baselines and agent policies) are inherited down the tree. For example, an Agent Policy Set assigned to Custom Groups is also assigned to Group A, as well as groups A1, A2, and A3. Setting inheritance is enabled by default, but you can also disable it. Each group has its own inheritance settings. See Editing Group Settings.

Within the Browser, System Groups and Directory Service Groups hierarchies cannot be modified. For additional information on group types, refer to Defining Groups.

Defining Groups

Within Ivanti Endpoint Security, there are several types of groups. Some groups are created by users, while others are created by the Ivanti Endpoint Security system. When working with groups, only user- created groups can be deleted.

Groups are categorized into the following classifications.

Groups

Group Type

Icon

Description

My Groups

Custom Groups

(Parent) and (Child)

Custom groups are created and managed by the user.

System Groups1

(Parent) and (Child)

These groups are system created groups.

Directory Service Groups

(Parent) and (Child)

These groups are created when an agent submits a directory service hierarchy that does not already exist in Ivanti Endpoint Security. You cannot modify Directory Service Groups or their hierarchies.

(1) Endpoints identified in your network are automatically assigned a group membership based on IP address, Active Directory (AD) membership, or operating system. Not all IP ranges, AD groups, or operating systems may be shown. This omission is because Ivanti Endpoint Security creates system groups based on only the endpoints present in your network.

An Ungrouped group is a group of endpoints that have not yet been added to a custom group. A Virtual Machines group is a group that is created for endpoints that are in a virtual machine environment (VMware, Citrix, etc). You cannot modify System Groups or their hierarchies.

Viewing Groups

Navigate to the Groups page to work with groups. After navigating to the page, select a group and a view.

You can select this page from the navigation menu at any time.

  1. From the Navigation Menu, select Manage >Groups.
  2. Expand the Browser tree to the desired group.
  3. Select the group you want to view.
    The selected group’s information displays.
  4. Select the desired view from the View list.

    Tip: You may right-click within the Browser tree and select either the Create Group option, Add Endpoints to Groups option, or a specific view. You must be on Custom Groups to utilize the Create Group or Add Endpoints to Groups option.

  5. The selected group’s information displays on the main pane. Select a different view from the View list to change the information displayed.