Auditor Help: Dynamic Groups

Dynamic groups are collection of systems with some attribute(s) in common, based on a user-defined query. This means the group can be consistent and functional despite changing membership. You can create dynamic groups based on operating system, domains, or specific attributes to reflect your unique environment and/or specific policies required at your organization. For example, you might define a series of dynamic groups based on an OS query and apply security policies relevant for the best practices of each OS to the OS group. Such an approach would mean that bringing new systems online would not require a manual update to the groups.

  1. On the General tab, enter a name a description for the group.
  2. Click on the Custom tab and click the Add  button (or select and existing attribute and click the Edit  button) to define a custom attribute.
  3. Click on the Query tab define the criteria for the dynamic group membership.
    • Click the Add  button (or select and existing attribute and click the Edit  button) to define a query criteria.
    • Select and existing criteria and click the Edit  button) to modify the criteria.
    • Select criteria nodes and use the Group  button to group all the selected nodes with an AND operand at the location of the top-most selected node. This button is only enabled when one or more nodes are selected.
    • Select a criteria and use the And/Or  button to change selected criteria rows and the immediate parent operand mode (AND becomes OR, OR becomes AND). This button is only enabled when one or more rows are selected in the list view.
    • Select a criteria and use the Move up  button to re-order the criteria such that all nodes shift upwards by one row. This may cause some nodes to become children of the next higher level of the tree. If an AND/OR node is selected, then the entire sub-tree moves as a unit. Adjacent selected nodes move as a group. A selected node may not move beyond a higher selected node. This button is enabled when one or more nodes are selected in the list view and there is at least one node above one or more of the selected nodes.
    • Select a criteria and use the Move down  button to re-order the criteria such that all nodes shift downwards by one row. This may cause some nodes to become children of the next higher level of the tree. If an AND/OR node is selected, the entire sub-tree moves as a unit. Adjacent selected nodes move as a group. A selected node may not move beyond a lower selected node. This button is enabled when one or more nodes are selected and there is at least one node below one or more of the selected nodes.
    • Select a criteria and use the Delete  button to remove the selected criteria. If an AND/OR node is selected, all child nodes will be deleted as well.

  4. Click on the Members tab to verify the hosts.
  5. Click OK.

Helpful Hint  Tip:  Smaller groups, with fewer than 1000 members, speed calculations and allow targeted policies. Consider breaking large groups, even All Systems, into groups that suit your environment and policies; perhaps All Servers and All Workstations or All 2000 Servers, XP Workstations, etc.