Policy Rules

The Policy Rules tool allows an administrator to automatically assign policies to client workstations in a more comprehensive way. Rules are applied immediately after the client connects to the server; they have priority over the Server Policy and over manual assignments. The Server Policy only applies if the client does not fall under any current rules. Likewise, if there is a manually assigned policy to be applied and it is in conflict with the policy rules, the configuration forced by the policy rules will take precedence.

If each server is managed by a local administrator, each administrator can create individual policy rules for their clients. In this scenario it is important that no conflicts exist between policy rules, such as when the upper server assigns a policy to clients based on the policy rules, while the lower server simultaneously assigns separate policies based on local policy rules.

Policy rules can be created and managed from the Policy rules tab in Policy Manager.. The process of creation and application is very similar to that of rule creation and management in email clients: each rule can contain one or more criteria;  the higher the rule is in the list, the more important it is (it can be moved up or down).

To create a new rule, click New Rule and select whether you want to Create New or use the Policy Rules Wizard. Then enter a Name, Description, Client filter parameter and Policy (a policy that will be applied to any clients matching the specified criteria).

To configure the filtering criteria, click Edit:

(NOT) FROM Primary Server – If (not) located on primary server.

IS (NOT) New Client – If it is (not) a new client.

HAS (NOT) New Flag – Applies to clients with/without the New Client flag.

Primary Server (NOT) IN (specify) – If name of the primary server contains/does not contain...

ERA GROUPS IN (specify) – If client belongs to the group…

ERA GROUPS NOT IN (specify) – If client does not belong to the group…

DOMAIN/WORKGROUP (NOT) IN (specify) – If client belongs/does not belong to the domain…

Computer Name Mask (specify) – If computer name is ....

HAS IPv4 Mask (specify) – If client belongs to the group defined by the IPv4 address and mask…

HAS IPv4 Range (specify) – If client belongs to the group defined by the IPv4 range…

HAS IPv6 Mask (specify) – If client belongs to the group defined by the IPv6 address and mask…

HAS IPv6 Range (specify) – If client belongs to the group defined by the IPv6 range…

HAS (NOT) Defined Policy (specify) – If client does (or does not) adopt the policy…

Product Name (NOT) IN – If product name is...

Product Version IS (NOT) – If product version is...

Client Custom Info Mask 1, 2, 3(NOT) IN – If Client Custom Info contains...

Client Comment Mask (NOT) IN

HAS (NOT) Protection Status (specify) – If client's protection status is...

Virus Signature DB Version IS (NOT) – If virus signature database is...

Last Connection IS (NOT) older than (specify) – If last connection is older than...

IS (NOT) Waiting For Restart – If client is waiting for restart.

Policy rules can be imported from or exported to an .xml file. Policy rules can also be created automatically by using the Policy Rules Wizard, which allows you to create a policy structure based on the existing group structure and then map created policies to groups by creating correspondent policy rules. For more information on importing/exporting policy rules see chapter titled Importing/Exporting policies.

To remove a policy rule, click Delete Rule....

Click Run Policy Rule Now... if you want to immediately apply the activated rule.