Help CenterBy default, there will not be a Global group created in your ThreatLocker organization. A Global group would come first in the policy hierarchy which means that policies placed at the Global level will be processed first. Care must be taken when adding policies at a Global level. A deny policy placed at the Global level will block that application at every level, even if another group has an allow policy for the same application. For more information on policy hierarchy, please see our Policy Hierarchy KB.
To create a Global group, be sure you are managing your parent organization. Navigate to the 'Computers' page. Select the 'Group' tab located at the top-right of the page. Select the '+Computer Group' button.
In the window that opens, name your computer group 'Global'. You can leave all the other options in their default settings. Select the 'Create' button in the bottom left corner.
This Global group will encompass every other computer group in every organization under your parent organization, including the parent organization
Creating Global "Starts With" Groups
Beginning in Portal 2.3.3, you can create a Global group for a specific group of computers that start with the same prefix, such as Workstations or Servers, by naming the group 'Global-Workstations' or Global-Servers with no spaces, as shown below.
A Global-Workstations policy will apply to all computers in any group with a name beginning with Workstations in your parent organization and every organization under it. For example, Global-Workstations will include all groups that begin with Workstations, Workstations-Accounting, Workstations-IT, etc,
Mac Global Groups
For utilizing global policies to be effective on Mac computer groups, be sure to specify the Computer Group Type to be "Mac".
To target specific Mac computer groups globally, indicate the global group name using the same method as Windows. For example, to build global Mac policies to target a Mac computer group(s) called "Macbook", the global group would need to be named "Global-Macbook" using the naming convention of "Global-[GROUPNAME]".
