Flags

When merging policies, you can change the behavior by using policy flags. Flags define how a setting will be handled by the policy.

For each setting, you can select one of the the following flags:

icon_no_apply_policy Not apply - Any setting with this flag is not set by policy. Because the setting is not forced, it can be changed by other policies later on.

icon_apply_policy Apply - Settings with this flag will be sent to the client. However, when merging policies, it can be overwritten by a later policy. When a policy is applied to a client computer and a particular setting has this flag, that setting is changed regardless of what was configured locally on the client. Because the setting is not forced, it can be changed by other policies later on.

icon_force_policy Force - Settings with the Force flag have priority and cannot be overwritten by a later policy (even if the later policy has a Force flag). This assures that this setting won’t be changed by later policies during merging.

To make navigation easier, all rules are counted. The number of rules you have defined in a particular section will be displayed automatically. Also, you'll see a number next to the category names in the tree on the left. This shows a sum of rules in all its sections. This way, you'll quickly see where and how many settings/rules are defined.

You can also use the following suggestions to make policy editing easier:

Use icon_apply_policy to set the Apply flag to all items in a current section

Use icon_no_apply_policy to delete rules applied to the items in the current section

 

light-bulbEXAMPLE: How can Administrator allow users to see all policies

Administrator wants to allow user John to create or edit policies in his home group and allow John to see policies that are created by Administrator. Policies created by Administrator include icon_force_policy Force flags. User John can see all policies, but cannot edit policies created by Administrator because Read permission for Policies with access to Static Group All is set. User John can create or edit policies in his Home Group San Diego.

Administrator has to follow these steps:

Create environment

1.Create a new Static Group called San Diego.

2.Create new Permission set called Policy - All John with access to Static Group All and with Read permission for Policies.

3.Create a new Permission set called Policy John with access to Static Group San Diego, with functionality access Write permission for Group & Computers and Policies. This permission set allows John to create or edit policies in his Home Group San Diego.

4.Create new user John and in icon_section Permission Sets section select Policy - All John and Policy John.

Create policies

5.Create new policy All- Enable Firewall, expand icon_section Settings section, select ESET Endpoint for Windows, navigate to Personal Firewall > Basic and apply all settings by icon_force_policy Force flag. Expand the icon_section Assign section and select Static Group All.

6.Create new policy John Group- Enable Firewall, expand icon_section Setting section, select ESET Endpoint for Windows, navigate to Personal Firewall > Basic and apply all settings by icon_apply_policy Apply flag. Expand the icon_section Assign section and select Static Group San Diego.

Result

Policies created by Administrator will be applied first because of icon_force_policy Force flag usage. Settings with the Force flag have priority and cannot be overwritten by a later policy. Then policies created by user John will be applied.

Navigate to Admin > Groups > San Diego, click the computer and select Show details. In Configuration > Applied policies is the final policy application order.

admin_policy_flags_example

The first policy is created by Administrator and the second created by user John.