Importing NT domains

Posted: November, 26 2009

Importing NT domains to an existing group

Use this task to import systems from an NT domain to a group you created manually.
You can populate groups automatically by synchronizing entire NT domains with specified groups. This is an easy way to add all the systems in your network to the System Tree at once as a flat list with no system description.

If the domain is very large, you can create subgroups to assist with policy management or System Tree organization. To do this, first import the domain into a group of your System Tree, then manually create logical subgroups.

TIP: To manage the same policies across several domains, import each of the domains into a subgroup under the same group, on which you can set policies that inherit into each of the subgroups.

When using this method:
• Set up IP address or tag sorting criteria on subgroups to automatically sort the imported systems.
• Schedule a recurring NT Domain/Active Directory Synchronization server task for easy maintenance.

Task
For option definitions, click ? on the page displaying the options.
1 From the ePO Menu select System Tree | Group Details, then select or create a group in the System Tree.
2 Next to Synchronization type, click Edit. The Synchronization Settings page for the selected group appears.
3 Next to Synchronization type, select NT Domain. The domain synchronization settings appear.
4 Next to Systems that exist elsewhere in the System Tree, select what to do with systems that would be added during synchronization but already exist in another group of the System Tree.

NOTE: McAfee does not recommend selecting Add systems to the synchronized group and leave them in their current System Tree location, especially if you are only using the NT domain synchronization as a starting point for security management and use other System Tree management functionalities (for example, tag sorting) for further organizational granularity below the mapping point.

5 Next to Domain, click Browse and select the NT domain to map to this group, then click OK. Alternatively, you can type the name of the domain directly in the text box.

NOTE: When typing the domain name, do not use the fully-qualified domain name.

6 Select whether to deploy agents automatically to new systems. If you do so, be sure to configure the deployment settings.

TIP: McAfee recommends that you do not deploy the agent during the initial import if the domain is large. Deploying the 3.62 MB agent package to many systems at once may cause network traffic issues. Instead, import the domain, then deploy the agent to smaller groups of systems at a time. Once the initial agent deployment is finished, consider revisiting this page and selecting this option, so that the agent is installed automatically on any new systems that are added to the group (or its subgroups) by domain synchronization.

7 Select whether to delete systems from the System Tree when they are deleted from the NT domain.
8 To synchronize the group with the domain immediately, click Synchronize Now, then wait while the systems in the domain are added to the group.

NOTE: Clicking Synchronize Now saves changes to the synchronization settings before synchronizing the group. If you have an NT domain synchronization notification rule enabled, an event is generated for each system added or removed. (These events appear in the Notifications Log and are queryable.) If you selected to deploy agents to added systems, the deployment is initiated to each added system. When the synchronization completes, the Last Synchronization time is updated. The time and date are when the synchronization finished, not when any agent deployments completed.

9 If you want to synchronize the group with the domain manually, click Compare and Update. The Manually Compare and Update page appears.

NOTE: Clicking Compare and Update saves any changes to the synchronization settings.
a If you are going to remove any systems from the group with this page, select whether to remove their agents when the system is removed.
b Select the systems to add to and remove from the group as necessary, then click Update Group to add the selected systems. The Synchronization Settings page appears.

10 Click Save, then view the results in the System Tree if you clicked Synchronize Now or Update Group.

Once the systems are added to the System Tree, distribute agents to them if you did not select to deploy agents as part of the synchronization. Also, consider setting up a recurring NT Domain/Active Directory Synchronization server task to keep this group up to date with new systems in the NT domain.
