I am trying to set DLP up in a way that if a logged on user isnt part of a User Assignment Group they are assigned a specific policy (in this case the most restrictive) Or have some sort automatic user assignment into the restrcited user group.
Just as at the moment everytime a new user is added to AD we are adding them manually into the DLP user assignemt group. Just hoping for a less manual way to do as, as generally all users are assigned the most restrictive policy anyway.
I have setup a computer assignemt policy and applied to workstations which gives me the desired effect as i can apply the policy to all worstations if required, however this seems to be overriding the user assigned policies and aplpying the most resetrictive(computer assigned) policy over the less restrictive(user assigned) policy. Which will leave some end users not very happy. Can i prioritize the order of the policies assigned in anyway?
Any help would be appreciated.
Message was edited by: brenns1 on 17/10/13 05:23:01 CDT
If the company policy is to restrict devices by default and grant exceptions based on business justification, then:
1. Include "Everyone" and Exclude "Authorized Users". This includes ALL users across ALL domains.
2. Include "Domain Users" and Exclude "Authorized Users". This includes ALL users on the current domain. Add Domain Users for each domain used in the company.