cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 5

Implementacion DLP 9.3

Jump to solution

Buenos Dias, quisiera preguntar a la comunidad sobre la implementacion de el control de dispositivos USB utilizando el Mcafee DLP 9.3, tengo creadas mis reglas de solo lectura, bloqueo y lectura - escritura, mi servidor EPO se encuentra integrado con mi active directory, mi consulta es la siguiente cuando quiero utilizar grupos del Active Directory para aplicar las restricciones las mismas no funcionan no se aplican a los usuarios integrantes del grupo del Active Directory, pero si en ves de seleccionar un grupo selecciono un usuario la restriccion se aplica ni bien se actualice las politicas en el equipo local; Debido al tamaño del universo de usuarios realizar una administracion doble en el EPO y el Active Directory me consume un tiempo considerable, por lo tanto la solucion mas eficaz es administrar un solo grupo y no tener que cargar en un grupo en el EPO, tendrian alguna idea de si estoy obviando alguna configuracion que me permita utilizar grupos en el AD para aplicar las politicas?

Seleccion del tipo de Objeto grupo (USB_BLOQ)

Captura 1.JPG

Grupo Asignado

Captura 2.JPG

1 Solution

Accepted Solutions
Highlighted

Re: Implementacion DLP 9.3

Jump to solution

A little hint:

If you change the group membership of a user - for example - you put the user in a special "dlp-group" in active directory,

enforce policies from the epo agent (client) and then relog the user. If you won't relog the user, the new group membership will not be recogniced at client side.

View solution in original post

4 Replies
Highlighted
Level 7
Report Inappropriate Content
Message 2 of 5

Re: Implementacion DLP 9.3

Jump to solution

Good Morning , I would like to ask the community about the implementation of the control USB devices using the McAfee DLP 9.3 , I created my rules read-only, lock, and read - write , my EPO server is integrated with my active directory , my question is this, when I want to use Active Directory groups to apply the same restrictions do not work, do not apply to members of the group users Active Directory, but if you selecting a user the restriction applies as soon policies is updated on the local computer ; Due to the size of the universe of users to manage the EPO and Active Directory will consume considerable time , therefore the most effective solution is to administer a single group and not have to load in the EPO group , would have some idea if I'm ignoring any settings that allow me to use the AD groups to implement policies?

Thanks, (sorry for my Horrible english)

Re: Implementacion DLP 9.3

Jump to solution

Active Directory can take up to 8 hours to replicate membership changes. If you are using AD Groups in User Assignment Groups and added user IDs to the AD groups, wait for up to 8 hours.

If the computer is plugged in to an ethernet port, log off and a log in typically updates the AD membership changes on the local computer immediately.

Highlighted

Re: Implementacion DLP 9.3

Jump to solution

A little hint:

If you change the group membership of a user - for example - you put the user in a special "dlp-group" in active directory,

enforce policies from the epo agent (client) and then relog the user. If you won't relog the user, the new group membership will not be recogniced at client side.

View solution in original post

Highlighted
Level 7
Report Inappropriate Content
Message 5 of 5

Re: Implementacion DLP 9.3

Jump to solution

Thanks for the help, im now testing and is working, i thought that the replication was inmediate

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community