Is there any way to create an automatic group using relevance to exclude a list of servers by the comment in the server/client comment field? Or maybe by a registry setting (i could create a meaningless reg key) to key on or maybe a folder on the system drive?
I have several groups of servers that need high level permission to install patches and reboot and I’d sure like to exclude them from automatic groups somehow so they don’t accidentally get patched. Else I’ll be toast!
For example I’d like to exclude all servers with the comment of “Exchange” and “SOX”, etc… from automatic groups.
Right now I’m just creating manual groups without those servers in them.
not exists value "srvcomment" whose (it as string as uppercase = "YOURDESCRIPTIONHERHE") of keys "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" of registry
You would also want to add conditions to ensure you see only Windows servers and not workstations
windows of operating system
product type of operating system != nt workstation product type
I’m still new at this, so I must admit , I’m not sure how exactly how to do this…
But I appreciate your fast response and I’m digging through it trying to figure it out.
Hopefully this will help. Create a New Automatic Group using a name suitable for your environment (you can add this in the Master Action Site as in this screen grab of use your own custom site if you are using them. Use the + buttons to add 2 additional rules so you have 3 in total then from the drop down list “Computer Name” select “Relevance Expression”.
Click the Edit Relevance button then use these relevance statements for each item.
windows of operating system
product type of operating system != nt workstation product type
not exists value "srvcomment" whose (it as string as uppercase contains "EXCHANGE" or it as string as uppercase contains "SOX") of keys "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" of registry
Click on Create and the group will be created. This will then get sent out to endpoints to evaluate and over the course of time, you should start to see the group getting propagated with members.