Flags
When merging policies, you can change the behavior by using policy flags. Flags define how a setting will be handled by the policy.
For each setting, you can select one of the following flags:
Not apply - Any setting with this flag is not set by policy. Because the setting is not forced, it can be changed by other policies later on.
Apply - Settings with this flag will be sent to the client. However, when merging policies, it can be overwritten by a later policy. When a policy is applied to a client computer and a specific setting has this flag, that setting is changed regardless of what was configured locally on the client. Because the setting is not forced, it can be changed by other policies later on.
Force - Settings with the Force flag have priority and cannot be overwritten by a later policy (even if the later policy has a Force flag). This assures that this setting won’t be changed by later policies during merging.
To make navigation easier, all rules are counted. The number of rules you have defined in a specific section will be displayed automatically. Also, you will see a number next to the category names in the tree. This shows a sum of rules in all its sections. This way, you will quickly see where and how many settings/rules are defined.
You can also use the following suggestions to make policy editing easier:
•Use to set the Apply flag to all items in a current section
•Use Not apply flag to delete rules applied to the items in the current section.
See also policy removal rules. |
How can Administrator allow users to see all policies
Administrator wants to allow user John to create or edit policies in his home group and allow John to see policies that are created by Administrator. Policies created by Administrator include Force flags. User John can see all policies, but cannot edit policies created by Administrator because Read permission for Policies with access to Static Group All is set. User John can create or edit policies in his Home Group San Diego. Administrator has to follow these steps: Create environment 1.Create a new Static Group called San Diego. 2.Create new Permission set called Policy - All John with access to Static Group All and with Read permission for Policies. 3.Create a new Permission set called Policy John with access to Static Group San Diego, with functionality access Write permission for Group & Computers and Policies. This permission set allows John to create or edit policies in his Home Group San Diego. 4.Create new user John and in Permission Sets section select Policy - All John and Policy John. Create policies 5.Create new policy All- Enable Firewall, expand Settings section, select ESET Endpoint for Windows, navigate to Network protection > Firewall > Basic and apply all settings by Force flag. Expand the Assign section and select Static Group All. 6.Create new policy John Group- Enable Firewall, expand Setting section, select ESET Endpoint for Windows, navigate to Network protection > Firewall > Basic and apply all settings by Apply flag. Expand the Assign section and select Static Group San Diego. Result Policies created by Administrator will be applied first because they are assigned to group All. Settings with the Force flag have priority and cannot be overwritten by a later policy. Then policies created by user John will be applied. Navigate to More > Groups > San Diego, click the computer and select Details. In Configuration > Applied policies is the final policy application order. The first policy is created by Administrator and the second created by user John. |
Home Group is automatically detected based on the assigned permission sets of the currently active user.
Example scenario: The currently active user account has the Write access right for Software Install Client Task and the user account Home Group is "Department_1". When the user creates a new Software Install Client Task, "Department_1" will be automatically selected as the client task Home Group. |
If the pre-selected Home Group does not meet your expectations, you can select the Home Group manually.