We are just starting to get into some policy management set up. we have some global defaults already and are working as designed. the next step we want to take is individual client(machine group) policies. i figured the first place to start is with credentials. just looking for some advice or any gotchas you may have run into, or any design help would be appreciated.
After spending a lot of time in Policies, I ended up doing this in Audit > Manage Credentials. Filter it so you just see the Organisations (or machine groups if you want), and create creds there.
Using Policies requires a View for each group / sub-group. Too much hassle - too hard to manage IMO.