Group Targeting Does Not Work

It seems like this question gets asked a lot on the newsgroups and oftentimes results in an incorrect answer being posted, so I thought I would clarify here. The underlying problem is that you want your rule to run on computers in a particular group. The simple answer that is often given (but is wrong) is to target your rule to the group (i.e. the class that is defined for that group, since a new class gets created for every group). This will simply not work the way the answer implies; what this will do is run the rule only against the single group instance of that group class (there is only one instance of this class because it is a singleton). This rule will then run on the root management server and only for one instance.

The correct way to do this is to first target your rule to whatever makes sense; if it is a rule that is meant to run for SQL, it should be targeted to the appropriate SQL class, and so on. Next, you probably want to have your rule be disabled (i.e. Enabled="false") to start, otherwise it will immediately run on all agents where an instance of your targeted class is discovered. Finally, you will want to override your rule and set Enabled="true" with the context being your group instance (type should work also, but group instance is a much more precise definition of the override). You can also invert the process to disable a rule for a particular group, while having it run by default.