I am just trying to get setup on the new WU policies. I have 2 policies that I want to assign to all computers under my control, therefore they are included in my top level :AYS Default" policy that all clients get. In there I have my WU policies set to do reboots.
Now the problem is I want to add a “Servers” policy to those clients who still have on prem servers, and in there I want all the features of my default WU policies, EXCEPT, no reboot.
No matter what I do, my servers are inhereiting the 2 policies with reboots first, then layering the “server” WU policy on top.
How do I block my servers from inheriting the 2 WU policies that all machines get? The only way I can think of is to create a separate policy for each clinet and add the default WU policies to them, in which case, I am back to where I was before policy inheritance.
Windows Updates are effectively subpolicies, so the entirety of that subpolicy is going to be applied down the inheritance tree. There is no way to tease out elements of the subpolicy.
I am not sure how you have your inheritance tree structured, but you could just move your WU stuff lower in the tree and then apply a universal subpolicy (with no reboots) to your server folder(s).
I’ll share how I do it, but I did mention to one of the other Syncro people that just 1 small change would greatly help the whole policy idea and assigning them.
Basically, I have a “base policy” that sets things like remote access, certain monitors, and runs several scripts. This way, as soon as a Syncro agent is installed on a new device, it gets these settings regardless of where in the customer subfolders it’s installed.
I then have 2 other policies, one for Servers and one for Workstations. These have specific patch policies under them as well as things like offline alerts for Servers but not for the workstations.
So this makes it easy when I go to the Customers section, Assets & Policies, I have each customer broken out with 2 subfolders. Servers & Workstations. As I’m sure you can guess by now, anything under Server gets the Server policy and Workstation gets Workstation policy. This works well, but it is cumbersome especially when first moving to Syncro or if bringing on multiple customers at once since you have to hit each one and do this.
Ideally, what I’d love to see, is a way to assign a policy to multiple customers/subfolders at once, like a bulk edit/assign. That way, I could be on my Server policy, hit “bulk assign” and then select “Server” folder from all my customers or some sort of way to match it on a mass scale.
You can bulk assign the top-level folder of customers, but that is more of an all-or-nothing affair. Bulk-assigning policies has room for a lot of unwanted issues to take hold, for instance if you had multiple subfolders named “Server” within the same customer, for example.
The method you described for handling this is the preferred method.