Adding policy targets

When creating a policy-based task, it is often a good idea to initially deploy the policy to a small target set. This is done so that if problems are encountered when deploying the policy it will only impact a small set of users. Once the results of the deployment to the small set of users have been validated, add additional targets to the policy. When new targets are added to an active policy task, the policy immediately becomes available to the newly-targeted devices or LDAP items.

Adding static targets

Policy-based management can use static targets as policy targets. Static targets are a list of specific devices or users that doesn't change unless you manually change it. Add static targets by selecting individual devices from the network view as targets. Individual LDAP devices can't be added as static targets.

Adding dynamic targets

Policy-based management can use queries to determine policy targets. Queries are stored only in the core database. For more information on queries, see Database queries.

Dynamic targets can include network view device groups, LDAP objects, LDAP queries, and inventory queries.

In order for devices to receive policies that are targeted through Active Directory, they have to be configured to log in to the directory. This means that they need to have all the correct agent software installed, and they need to actually log in to the correct directory so that their fully distinguished name will match the name that was targeted through Directory Manager and Scheduled Tasks Application Policy Manager.

In order to target a device from LDAP, each Windows device must have a computer account on the Active Directory domain controller. This means that the computer being used as the device must be logged in to the domain where the Active Directory exists. You can't simply map a network drive using the fully-qualified Windows domain name. The policy won't take effect this way.

To use Directory Manager to create a query
  1. Click Tools > Distribution > Directory Manager.
  2. Click the Manage directory toolbar button.
  3. Enter the directory URL and authentication information and click OK.
  4. Click the New query toolbar icon.
  5. Create your query. For more information, see LDAP queries.