Improvement to Machine Profiles/Policies

As it pertains to Itarian RMM -

It would be nice to see some updates to how device profiles are managed and assigned to machines. I would like to see something similar to how Microsoft’s Group Policy works where we have our RMM tree and at the root of that tree we can assign profiles that we would like all machines to inherit. Then we could add other profiles to customer nodes on the tree that we want to apply to all machines for that customer, and then apply profiles to subtrees of the customer nodes for Server or Workstations that those machines would only inherit. Profiles that are nearest to the device in the tree would be applied last so their settings would take precedence if the identical settings were also configured in other profiles that were further away from the device in the tree.

Also please make profile assignment more dynamic. Currently if I make a ‘Server’ profile I have to assign all my monitoring to it that I would use to monitor a wide variety of servers, or I need to create multiple profiles and manually assign these other profiles to specific servers. I would imagine over time of adding all your monitors and procedures to a single profile, this could get very taxing on a system. It would be better if profiles could be assigned dynamically. For example I could have a machine profile attached somewhere in my RMM tree that only includes the monitoring settings for a SQL server and have an option to apply that profile only to machines that are tagged as SQL servers under the location where the profile is applied. Of course, the ITarian agent would need to have some sort of logic built in to understand all the different roles that would apply to a device like SQL, Exchange, Domain Controller, DHCP Server, DNS, IIS, RDS, Server OS, Workstation OS, Android Mobile, iOS Mobile, etc, based on various information like the Operating System, Server Roles, and Applications that are present on the device.

Also please add something in conjunction with the above requests so that we can easily tell which machines are in compliance with inherited profiles and which are not. Create some sort of status page that shows which machine are in compliance and which have deviations. That way if someone manually changes a setting at the machine/device level, we can have a report at a glance that the machine is out of compliance with its profiles and an option to reapply the profiles to those devices and discard any settings that were not provided by the inheriting profiles.

I think something like this would help make applying profiles more efficient and ensure that our machines are only receiving the settings that pertain to them based on their designation and are not running or using any settings or monitors that do not pertain to them which would help with performance. It also helps us ensure that our machines are in compliance with the profiles and have not unknowingly been changed.

100% Agree on the logic on how it should or could work, but I think if you need that functionality then it will not likely be this platform as change is fairly slow with what I have noticed since signing up over 12 mths ago, and reading many forum posts.

I do use two other platforms totally separate with another employer, one that is based on your post, and it is very easy to see what policies are applied, and uses the tree or gpo type view with a simple way to modify a single endpoint/group/customer/global.

The other 2nd platform is much like this one (Itarian), able to clone/modify profiles but hard to keep track of whats inside the profiles without clicking and looking at each one.

Lets hope Itarian takes this and other suggestions onboard…


Im just pointing out the shortcomings with the way profiles are assigned using ITarian. In small groups it works OK, but when you are managing hundreds if not thousands of endpoints, you need a way to layer different policies together through a hierarchy. You also need a way to filter the profiles so they only get applied to specific machines so not all machines are taking on all the profile settings. Im not a programmer, but they already to seem to have a simplistic version of this working at the customer node level by just tagging profiles to the customer node or sub group node.

Im merely requesting they extend this into a Root/Top level that all your customers are tied to (sort of like the root domain in MS Group Policy) and add a filtering system in order to have certain profiles assigned to specific devices only. Otherwise, having to manually assign different profiles to different devices just invites human error. Or if someone adds or removes a profile at the device level, there is nothing currently there to tell you which devices have profiles that are in compliance with inheritance or have been changed at the device level.

I wouldnt expect it to be changed overnight but certainly could be done in phases. I do like how modern the platform is compared to other RMM tools, and for smaller MSPs it seems to have value. But if you are taking on more and more endpoints, you need features like this to help with automating and managing tedious tasks and to know your endpoints are being monitored as intended. Monitoring is a huge part of how an MSP brings value to its customers.


Thank you very much for providing us your suggestion for a Product Improvement. Our product management team is aware of your request and is working to prioritize it with the others received. We will provide you an email notification for any updates regarding this request and its timeline once it is prioritized on the road-map for a delivery.

Hello @minntech ,

First of all, I want to thank you for your suggestions.

We already have “profile priority” feature on our roadmap which will allow you to be able to choose the order of profiles on your devices/device groups from top to bottom.

Those are great feature requests, and we already added these into our roadmap as well. I will be informing you about a possible release date.

Thank you very much for your inquiries and suggestions. If you have any other questions, I would be more than happy to assist.

Best regards,
Ilgaz Yucecengiz
Technical Product Manager
Endpoint Manager, ITarian

@minntech and others. On the subject of profiles - just on the off-chance that you weren’t aware - the Reports / Reports Beta - Hardware Inventory Report(s) include a list of Profiles assigned to each EP. We have found this very useful when reviewing EP profiles.

Hi @ilgazy,

I know this post is almost 2 years old, but I was curious if there were any updates regarding this feature request.