I am testing the Device Control in ePO (just removable devices) in a Windows workgroup environment. In this setup how can I control the access to devcies based on computers?
In ePO, Menu -> Data Protection -> DLP Policy takes me to DLP console.
Here do I need to create each policy for a set of computers and link it in the system tree?
I dont find any documents on McAfee site on configuring DLP for device control.Message was edited by: avilt on 7/7/14 9:27:08 AM CDT
So if I have 5 groups under system tree with different policy settings I need to create 5 policies under DLP and then assign it to individual group in system tree right?
Also if I were to allow, let's say CD writing on a particular PC on a temporary basis, what is the best approach to achieve this?Message was edited by: avilt on 7/7/14 12:47:18 PM CDT
You can reuse the same policy on multiple groups. You need not create more than 1 Computer Assignment Policy for one requirement.
Create a separate Computer Assignment Policy for temporary use. Assign it as needed and reassign the correct policy after the temporary use.
I have followed the following steps.
Create a computer assignment group with DLPE 9.x:
NOTE: You must create new rules via the DLP Policy interface.
I am stuck at step 7. To enable the rules, I need to go to DLP Policy interface. Under this interface how do I load the newly created computer assignment group created in the above step 5.
Now when I click on the newly created computer assignment group, I see the attached screen. How to proceed further? The attached screen is again giving me the option to duplicate the policy.
Message was edited by: avilt on 7/9/14 9:23:02 AM CDTMessage was edited by: avilt on 7/9/14 9:25:08 AM CDT
You need to refer to the ePO Product Guide to understand how to break inheritence and apply a policy to different parts of the system tree.
Step 7 here is talking about checking the rule for Logged in or Local users (enabling/enforcing them for the system tree location this policy is applied to).
You create rules in an enabled state in the DLP Policy and then use either User or Computer assignment to enforce the rules to users or computers respectively.