Managing groups of clients

In
Symantec Endpoint Protection Manager
, groups function as containers for the endpoints that run the client software. These endpoints can be either computers, or users. You organize the clients that have similar security needs into groups to make it easier to manage network security.
Symantec Endpoint Protection Manager
contains the following default groups:
  • The
    My Company
    group is the top-level, or parent, group. It contains a flat tree of child groups.
  • The
    Default Group
    is a subgroup of
    My Company
    . Clients are first assigned to the
    Default Group
    when they first register with
    Symantec Endpoint Protection Manager
    , unless they belong to a predefined group. You cannot create subgroups under the
    Default Group
    .
You cannot rename or delete the default groups.
If you rename
My Company
in the cloud console, the group name does not change in
Symantec Endpoint Protection Manager
.
Group management actions
Task
Description
Add groups
Import existing groups
If your organization already has an existing group structure, you can import the groups as organizational units.
You cannot manage imported organizational units in the same ways that you can manage the groups that you create in
Symantec Endpoint Protection Manager
.
Disable inheritance for subgroups
The subgroups inherit the same security settings from the parent group by default. You can disable inheritance.
Create locations within groups
You can set up the clients to switch automatically to a different security policy if the physical location of the client changes.
Some security settings are group-specific and some settings are location-specific. You can customize any settings that are location-specific.
Manage security policies for groups
You can create security policies based on the needs of each group. You can then assign different policies to different groups or locations.
Perform group maintenance
You can move groups for easier management and move clients between groups. You can also block clients from being added to a particular group.