About System-Based Policy Assignments; Using Tags To Assign System-Based Policies - McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC Product Manual

Product guide
Using policies to manage products and systems
How policy assignment rules work
On a managed system, the agent keeps a record of the users who log on to the network. The policy
assignments you create for each user are pushed down to the system they log on to, and are cached
during each agent-server communication. The agent applies the policies that you have assigned to
each user.
When a user logs on to a managed system for the first time, there can
be a slight delay while the agent contacts its assigned server for the
policy assignments specific to this user. During this time, the user has
access only to that functionality allowed by the default machine policy,
which typically is your most secure policy.
To use user-based policy assignments, you must first register and
configure an LDAP server for use with your ePolicy Orchestrator
server.
About migrating legacy policy assignment rules
Policy assignment rules created using a version 4.5 ePolicy Orchestrator server were user-based by
default. For migrated legacy policy assignment rules with no user-based criteria specified, the rules
will continue to be evaluated as user-based. However, when creating a new user-based policy
assignment rule, you must specify at least one user-based criterion.
Applying your migrated legacy user-based policy assignment rules
causes your ePolicy Orchestrator server to perform a lookup on the
LDAP server for every managed system in your network at each
agent-server communication interval.

About system-based policy assignments

System-based policies allow you to assign policies to systems using system-based criteria.
You can assign a system-based policy using two types of system-based criteria:
System Tree location — All policy assignment rules require that a System Tree location is specified.
Tags — User-defined tags can be used to assign policies to systems based on the tags you have applied.
Once you have defined and applied a tag to your systems, you can create a policy assignment rule to
assign policies to any system with that tag. This functionality is useful in cases when you want all
systems of a particular type to have the same security policy, regardless of their location in the
System Tree.

Using tags to assign system-based policies

Using tags to assign system-based policies makes automating policy assignment easier than ever.
System-based policies which specify tags as criteria work in a similar fashion to user-based policies.
They are assigned based on selection criteria you define using the Policy Assignment Builder. Any
system you can tag, you can apply a specific policy to, based on that tag.
McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide
