Policy Application - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Managing Products with Policies and Client Tasks

Policy application

Setting policy enforcement
For each managed product or component, choose whether the agent enforces all or none of
its policy selections for that product or component.
From the Policies page, choose whether to enforce policies for products or components on
the selected group.
In the Policy Catalog page, you can view assignments, per policy, where the it is applied but
not enforced.
When policies are enforced
When you reconfigure policy settings, the new settings are delivered to, and enforced on, the
managed systems at the next agent-server communication. The frequency of this communication
is determined by the Agent-to-server-communication interval settings on the General
tab of the McAfee Agentpolicy pages, or the Agent Wakeup task schedule (depending on how
you implement agent-server communication). This interval is set to occur once every 60 minutes
by default.
Once the policy settings are in effect on the managed system, the agent continues to enforce
policy settings locally at a regular interval. This enforcement interval is determined by the Policy
enforcement interval setting on the General tab of the McAfee Agentpolicy pages. This
interval is set to occur every five minutes by default.
Policy settings for McAfee products are enforced immediately at the policy enforcement interval
and at each agent-server communication if policy settings have changed.
NOTE: There is a delay of up to three minutes after the interval before policies for Norton
AntiVirus products are enforced. The agent first updates the GRC.DAT file with policy information,
then the Norton AntiVirus product reads the policy information from the GRC.DAT file, which
occurs approximately every three minutes.
Exporting and importing policies
If you have multiple servers, you can export and import policies between them via XML files.
In such an environment, you only need to create a policy once.
You can export and import individual policies, or all policies for a given product.
This feature can also be used to back up policies if you need to re-install the server.
Policy application
Policies are applied to any system by one of two methods, inheritance or assignment.
Inheritance
Inheritance determines whether the policy settings and client tasks for a group or system are
taken from its parent. By default, inheritance is enabled throughout the System Tree.
When you break this inheritance by assigning a new policy anywhere in the System Tree, all
child groups and systems that are set to inherit the policy from this assignment point do so.
Assignment
You can assign any policy in the Policy Catalog to any group or system (provided you have the
appropriate permissions). Assignment allows you to define policy settings once for a specific
need, then apply the policy to multiple locations.
116 McAfee ePolicy Orchestrator 4.0.2 Product Guide