3 Replies Latest reply on Aug 9, 2012 6:27 AM by Nishant Shah

    AD Question

    Nishant Shah

      Hi Guys,


      I know what i am asking is something basic but im not sure the set up i have doesnt work. i am try to do the following.


      1) block USB devices for all users.

      2) exclude a group of top level exec's.


      I already have the dlp rules in place but when try to enforce the rule to the users i face the problem.


      1) the excluded group of users are a part of more than 1 group.


      I am trying to block the whole OU and exclude this one group but that doesnt seem to work.


      can someone explain if im doing something wrong. Also a workaround would be nice to have.


      Thanks in Advance,



        • 1. Re: AD Question

          Have you tried adding the execs AD group into the 'Priviledged Users' group in the DLP policy screen?


          I believe being a member of this group overrides all policies.


          Note: Not sure if this functionality is unique to DLP 9.2 on ePO 4.6

          • 2. Re: AD Question
            Nishant Shah

            thanks again Tristan. will give it a try.


            btw, i have included and excluded some ou's and groups in one single user assignment group and it seems to be working fine.

            • 3. Re: AD Question
              Nishant Shah

              Works good for me.


              All i did was to include the include and exclude groups (or ou's or users) in the same user assignment rule rather can creating different rules for include and exclude. Works good (though currently testing with just 2 users).