I think I know the answer to this and the answer is it's not possible but I really need to be able to configure access control based on a group. At present, it seems I can only configure it by resource and am limited to a maximum of 100 at a time, I've nearly a thousand so am repeating myself 10 times.
This means every time a new resource is added to the AD group that defines it should be part of PMP I then have to go and configure access control on it which seems crazy. It should be configured in a similar manner to periodic password resets which are group-based.
Am I correct here or is there something I'm missing? What if we had 100k workstations and can only configure on 100 at a time? We'd be there forever!
And I'm not always aware of when new machines are added and there doesn't seem to be a way of checking which have it enabled and which don't.
It's really stopping me from rolling this out to the end-users.