In the console, Computer Groups are initially broken down by "All Computer Groups" and "Non-Master Operator Computer Groups". Is there a specific reason? Do Computer Groups created by a Master Operator behave differently? The documentation on Computer Groups doesn't appear to speak to this.
Interesting. My Non-MO main account doesnāt do that. Itās just āAll Computer Groupsā.
If I sign in as a MO, then I do see it.
1 Like
Hehā¦ umā¦ I really need to start using a non-MO account for most of my work. 
I mandated it a couple years back as best of best practice.
There are still a couple pain points, but it helps keep people from putting stuff in the master action site, among other things 
3 Likes
@straffin , doubt they work any different but as a general practice - keep MO to absolute minimum. What I can share from experience is that when the client gets udp message for cycle interruption, it always starts with MO site (evaluates everything - actions, content, groups, etc) and then moves on to other sites, so if your MO site is very big and you have a lot of interruptions on a specific agent you may find yourself in situation that the agent never gets past the MO siteā¦ Several years ago (before adoption NMO accounts), we used to had the very bad habit of creating all patching baselines, policies, even a lot of deployments with MO accounts to the magnitude that the MO site by itself was taking 10-15 mins of the evaluation cycle and we starting seeing issues where the clients on certain slower machines were never evaluating/running actions from NMO users. It would send the action, it will be 10-15-20 mins and the user would get fed up and click āsend refreshā which again ditches where the client is in its cycle and start over MO site from start; and again; and againā¦ We switched to NMO, left a handful of stuff in MO (and rethought some of our operators to not use āsend refreshā functionality that much), and those issues were over with! Nowadays, the only stuff we do have in MO site are a handful critical properties/analysis/computer groups which evaluation we essentially āprioritiseā by leaving them there over everything elseā¦
2 Likes
The difference really comes down to potential scope (i.e. non-master operator computer groups are limited to the potential scope of the operator that created them). This is because non-master operators can only create Computer Groups in their own opsite, or in a custom site. So, even if a non-master operator creates an automatic group with a relevance expression of āTRUEā which would encompass āall computersā, it would be limited to āall computersā manageable by the given operator.
1 Like
If a Master Operator creates a Computer Group in a Custom Site (on behalf of the users of that site, for example), would this limit the Group to being processed by only the computers in that Site?
Yes. Regardless of the operator type, if a computer group is created in a custom site, the potential scope of computers will be limited to those that subscribe to the custom site.
1 Like
Whewā¦ good. I wasnāt looking forward to potentially recreating hundreds of Computer Groups Iāve recently created for a particular IT group.
Still interested in the reasoning behind the Console UI distinction between All Computer Groups and Non-Master Operator Computer Groups, thoughā¦
1 Like