Help CenterBy default, there will not be a Global group created in your ThreatLocker organization. A Global group would come first in the policy hierarchy which means that policies placed at the Global level will be processed first. Care must be taken when adding policies at a Global level. A deny policy placed at the Global level will block that application at every level, even if another group has an allow policy for the same application. For more information on policy hierarchy, please see our Policy Hierarchy KB.
To create a Global group, be sure you are managing your parent organization. Navigate to the 'Computers' page. Select the 'Group' tab located at the top-right of the page. Select the '+Computer Group' button.
In the window that opens, name your computer group 'Global'. You can leave all the other options in their default settings. Select the 'Create' button in the bottom left corner.
This Global group will encompass every other computer group in every organization under your parent organization, including the parent organization
Creating Global "Starts With" Groups
Beginning in Portal 2.3.3, you can create a Global group that will apply to computer groups with the same prefix. These are called Global "Starts With" groups and can be created by naming the group using the following syntax:
Global-Keyword
'Keyword' in the above example can be replaced with a prefix that appears in computer groups within the parent organization the global group is created in, or child organizations under the parent organization. For example, if you have two groups in your parent organization called 'Workstations-Accounting' and 'Workstations', and a child organization has a group called 'Workstations-IT', the Global "Starts With" group you created at the parent organization called 'Global-Workstations' will apply to all of the aforementioned groups as they have that keyword in common. This keyword can be changed to anything, but is most commonly used for 'Servers' or 'Workstations' groups.
Mac Global Groups
For utilizing global policies to be effective on Mac computer groups, be sure to specify the Computer Group Type to be "Mac".
To target specific Mac computer groups globally, indicate the global group name using the same method as Windows. For example, to build global Mac policies to target a Mac computer group(s) called "Macbook", the global group would need to be named "Global-Macbook" using the naming convention of "Global-[GROUPNAME]".
