Security Director - converting a group policy to a device-specific
3 weeks ago
Any ideas on how to convert a group policy to a device-specific one? There is an option to do the opposite ("Promote to group policy") but this one appears to be missing. Importing the policy from the device does not keep the rule groups.
Long story, we have a couple of group policies in the SD which are used for a single device only each. We'd like to use the new auto-sync feature in 19.2+ but group policies do not support it (the changes need to be imported manually each time) even if it's the only policy assigned to the device and there are no other devices the policy is assigned to.
So far the possible options I found were:
1) Unassign the current policy and import it from the device - however, there is information (such as rule groups) that does not get pushed to devices and would be lost.
2) I checked the structure of the .ZIP export file and it appears editing Policy.xml and changing the policy type and position makes SD successfully import the modified .ZIP as a device-specific policy. I'm really reluctant to take this road though, as it appears to be untested and there is only so much testing we can do in a lab environment, so there's a (albeit low) chance the policy may get corrupted and we'd run into problems in production further down the line.