Creating a Global Computer Group
By default, there will not be a Global group created in your ThreatLocker organization. A Global group would come first in the policy hierarchy which means that policies placed at the Global level will be processed first. Care must be taken when adding policies at a Global level. A deny policy placed at the Global level will block that application at every level, even if another group has an allow policy for the same application. For more information on policy hierarchy, please see our Policy Hierarchy KB.
To create a Global group, be sure you are managing your parent organization. Then navigate to the Computer Groups page. Click the 'New Computer Group' button located at the top of the page.
In the window that opens, name your computer group 'Global'. You can leave all the other options at their default settings. Click the 'Save' button in the top left corner.
This Global group will encompass every other computer group in every organization under your parent organization, including the parent organization. If you wanted to create a Global group for a specific group of computers (e.g. Workstations or Servers), you need to name the group 'Global-[computergroup]' with no spaces, as shown below.
A Global-Workstations policy will apply to all computers in the Workstations group in your parent organization and every organization under it. You can create a Global group for any computer group you have provisioned. For example, if you have a computer group named TestServers, you can create a Global group called Global-TestServers.