Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - POLICY MANAGEMENT REFERENCE 10.3 30-03-2010 Management Manual page 22

Field
Permission for
Users or Groups
Create Groups on
the Managed
Device if they Do
not Exist
Remove Access
Control Rules not
Configured by
ZENworks
Inherit Applicable
Access Rights
Configured on
Parent Folders
NOTE: If the Full Control access right is denied for the Administrators or Authenticated Users
group, the policy is successful only during the first enforcement. However, if the Full Control
access right is denied for the Administrators or Authenticated Users group and the Remove
access control rules not configured by ZENworks option is selected, the policy fails.
The unenforcement of the Local File Rights policy from a device fails if the Full Control access
right is denied for the Administrators or Authenticated Users group in the policy.
6 Click Next to display the Summary page.
7 Click Finish to create the policy now, or select Define Additional Properties to specify
additional information, such as policy assignment,
and which group the policy is a member of.
22 ZENworks 10 Configuration Management Policy Management Reference
Details
Allows you to configure permissions for users or groups.
1. Click Add, then Click User or Group to select a user or a group from the
appropriate drop-down list.
2. Select the type of permission you want to configure as Simple NTFS
Permissions or All NTFS Permissions. Depending on the type of
permission you select, a list of permissions are displayed. Configure the
permissions as applicable to the selected user or group.
3. By default, when a permission is set on a folder, all the subfolders and the
files also inherit the permissions. If you want to restrict the inheritance of
the rights to only the immediate child file or folder, select Restrict
inheritance to immediate child files/folders only.
4. Click OK.
The permissions configured for the user or group in the Dynamic Local User
policy takes precedence over the permissions configured in the Local File
Rights policy.
Creates a group for which permissions are configured; however the group
does not exist on the managed device. With this option, you can create only
local groups.
Removes all access control entries for users or groups not configured by the
ZENworks Local File Rights policy. Also, updates the existing access control
entries for users and groups configured in the policy. After the policy is applied,
any manual changes made to the permissions for a user or group configured
by the policy are lost when the policy is re-applied.
Select Yes if you want a file or folder to inherit applicable access control rules
from its parent object. If you select No, inherited rules are removed. If you do
not want to make any changes, select not configured on the managed
device.At least one attribute, permission, or inheritance setting must be
configured to create a policy. Without configuring any settings, you cannot
create a policy.
system requirements, enforcement, status,