Creating target groups

Use target groups to assign similar policies and permissions to multiple targets. The policies are effective during remote control sessions.

About this task

For more information about starting remote control sessions, see the BigFix® Remote Control Installation Guide. When a new target is defined in the BigFix® Remote Control Server, it automatically becomes a member of the default target group. However, the Administrator must assign the target to relevant target groups.

A target can be a member of multiple groups. Policies and permissions are defined for a target group when it is created. A permissions link must be created between the target group and a user group. The policies and permissions that are defined in the permission link and any other links that are defined in the group hierarchy, are used to derive the set of policies for the session. For more information about deriving session policies, see How policies are determined for a remote control session.

Procedure

To create target groups, complete the following steps:
  1. Click Target Groups > New Target group.
    The Edit Target Group window is displayed. Define the target group name and select the policies and permissions that are relevant for the target group.
  2. Type in a name for the target group,
    For example, testtargets.
  3. Optional: Type in a description for the target group.
  4. For Heartbeat interval, type in the number of minutes that the target members of this group wait before they contact the BigFix® Remote Control Server.
  5. Use Lock target on disconnect to determine whether the target computers that belong to this target group are locked automatically when a remote control session ends.
    Set to Yes
    The target is locked when a remote control session with it ends.
    Set to No
    The target is not locked when a remote control session with it ends.
  6. Select the value for Automatically reset the console after a Remote Desktop console session:
    ValueDescription
    Never Do not apply the workaround.
    At session start
    Reset the Windows® session when a remote control session is started.
    Note: The Windows® session takes a couple of minutes to initialize and the controller user sees a blank desktop until the initialization is complete.
    After console is logged out

    Reset the Windows® session when the Remote Desktop user logs out.

    For more information about this attribute, see Gray screen on a Windows 2003 system .
    Note: The attribute is not set to any value by default.
  7. Select the value for Allow Remote Control connections to Remote Desktop sessions:
    ValueDescription
    No Does not allow the controller to connect to a running Remote Desktop session in the target. The default value is no.
    Yes The controller follows the active session when connecting to a target, even if the active session is a Remote Desktop session.
    Not set Uses the generic value defined in the follow.active.session property located in the trc.properties file. The default value is no.
    Note: This feature is available in Remote Control v9.1.2 IF0002 and later versions.
  8. Select the permission settings for the target group.
    The settings are classed as the standard or normal set for the group. On initial display, the screen shows the default values for the permissions that you can accept or change to your own requirements

    The Permission settings for the group can be defined in the following ways:

    • To accept the given default permission settings, click Submit.
    • To assign an already defined set of standard or normal permissions, select the template name from the pull-down
      • The Policy list is populated with the values saved for the selected permission set.
      • Click Submit.
    • To define a new standard set of permissions complete the following steps
      1. Click Edit Settings, the policy values are now available for selection.
      2. For each Policy in the list, select the permission or enter a value
        Note: For more information about server policies, see Server session policies.
        Yes
        The policy is valid for members of this target group and therefore its value is considered when the permissions are combining in Manage Permissions.
        No
        The policy is not valid for members of this target group but its value is also considered when the permissions are combined in Manage Permissions.
        Not Set
        No value is set and therefore it is not considered when the permissions are combined in Manage Permissions because this option is overridden by all others. For more information about how permissions are assigned, see How policies are determined for a remote control session.
      3. The new permissions set can be saved in the following ways:
        • Save existing template

          Select this option to save the changes to the template name that is displayed in the template list.

        • Save as new template named

          Select this option to save the changes to a new template.

      4. Click Submit.