cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 11 of 16

Re: DLP 9.3 CD/DVD rules

Jump to solution

  That would be very helpful.  Are privileged groups temperamental?  I currently have two groups configured in this section.  One group is functioning as I thought it would (meaning its not blocking any of my rules), but the other group (Domain Admins) I have set up is not.

I then tried going away from privileged users for domain admin and set up rules to allow usb and allow cd/dvd burning.  These policy changes don't seem to be taking.  when I find my test machine in the system tree and under dlp it shows no policies applied...

Just doesn't make sense why one privileged group works and the other doesn't....

tonyw
Level 12
Report Inappropriate Content
Message 12 of 16

Re: DLP 9.3 CD/DVD rules

Jump to solution

You may want to use those commands on the endpoint to confirm.

Another option would be to use the Agent Diagnostic tool from the McAfee download page for troubleshooting policy enforcement issues.

McAfee Downloads - Antivirus, Antimalware, Virus Scan | McAfee

Former Member
Not applicable
Report Inappropriate Content
Message 13 of 16

Re: DLP 9.3 CD/DVD rules

Jump to solution

Turns out this was related to AD "OU" and an AD "Container".  The group that was working properly was located in an AD "OU".  The group that was not working was located in an AD "container".  Once I moved the group from a "container" to an "OU" it work perfectly.

Former Member
Not applicable
Report Inappropriate Content
Message 14 of 16

Re: DLP 9.3 CD/DVD rules

Jump to solution

if possible can you change correct answer to tonyW, he was the one that explained it out better than me

I guess that would make sense that you can't sync containers since you can't link GPOs to them.

Have you noticed if the DLP policy will apply if your security group = domain local ?

Former Member
Not applicable
Report Inappropriate Content
Message 15 of 16

Re: DLP 9.3 CD/DVD rules

Jump to solution

I have not tried applying DLP policies to domain local group.

Former Member
Not applicable
Report Inappropriate Content
Message 16 of 16

Re: DLP 9.3 CD/DVD rules

Jump to solution

so we both found out interesting things on our DLP deployment. did a little testing yesterday and did the whoami /group like suggested.

I am surprised I didn't notice this sooner. My user acct is on one domain, ,and my computer acct is on a different domain. so the domain local is in the same domain as my user account and my computer acct in AD is in a child domain as my user acct. So the security group isn't applying I think because the system is in a child domain. hence why why DLP testing wasn't working with the security group I checked ....... LOL

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community