Why can the template only be applied to a pre‑defined group? Why can it not be applied to a single host?

It is true that the user cannot apply the modified rule templateto a single user. The user has to add the specified host into ahost group before applying the rule template on it. We're doingthis because we figured it's more convenient to divide Intranethosts into different groups, and the administrator can definedifferent templates accordingly. It makes more sense to operate ongroup level than host level because in general there are not manydifferent templates in SME, and the policies applied to a hostdon't tend to change too often. Moreover, in our design a host canbelong to different groups and there're priorities among groups.For example, the CEO of the company can be in "Administrator" groupand "Default" group in the same time. But he will only inherit theprivilege of "Administrator" group due to its higher priority. Butsince there're priorities among host groups, we don't allowhost-wise template operation because we cannot prioritize betweenthe single host and a host group. Indeed it introduces a littleinconvenience when applying a template to single host, buteventually the user benefits from the host group design.

Rank: 1.5