ZCM11.2.1 on windows MSsql. Endpoint disabled. School system with generic
student user names in multiple contexts.
Scenario: Users are in edirectory. Because of the limited LDAP connector I
could not assign policies to my generic users in multiple contexts at the
same school. As expected the the first generic named user would get the
policy and or bundle and then LDAP would search no longer. To solve this I
assigned the policy to the folder the generic user exists in and let it be
inherited. Problem solved for multiple generic student accounts in multiple
contexts in the same school. But if I have a unique named user in the same
folder / context as the generic user and I assign a less restrictive policy
directly to the user the more restrictive inherited policy (which is first
in order listed in the agent) is what is being enforced. looking at the
agent status for policy the inherited restrictive policy is effective and
the directly assigned admin policy is effective. In that order.
Question: how do I make the less restrictive directly assigned policy
override the inherited policy?