4 Replies Latest reply on Apr 23, 2014 7:31 AM by nelson

    Implementacion DLP 9.3

    nelson

      Buenos Dias, quisiera preguntar a la comunidad sobre la implementacion de el control de dispositivos USB utilizando el Mcafee DLP 9.3, tengo creadas mis reglas de solo lectura, bloqueo y lectura - escritura, mi servidor EPO se encuentra integrado con mi active directory, mi consulta es la siguiente cuando quiero utilizar grupos del Active Directory para aplicar las restricciones las mismas no funcionan no se aplican a los usuarios integrantes del grupo del Active Directory, pero si en ves de seleccionar un grupo selecciono un usuario la restriccion se aplica ni bien se actualice las politicas en el equipo local; Debido al tamaño del universo de usuarios realizar una administracion doble en el EPO y el Active Directory me consume un tiempo considerable, por lo tanto la solucion mas eficaz es administrar un solo grupo y no tener que cargar en un grupo en el EPO, tendrian alguna idea de si estoy obviando alguna configuracion que me permita utilizar grupos en el AD para aplicar las politicas?

       

      Seleccion del tipo de Objeto grupo (USB_BLOQ)

      Captura 1.JPG

      Grupo Asignado

      Captura 2.JPG

        • 1. Re: Implementacion DLP 9.3
          nelson

          Good Morning , I would like to ask the community about the implementation of the control USB devices using the McAfee DLP 9.3 , I created my rules read-only, lock, and read - write , my EPO server is integrated with my active directory , my question is this, when I want to use Active Directory groups to apply the same restrictions do not work, do not apply to members of the group users Active Directory, but if you selecting a user the restriction applies as soon policies is updated on the local computer ; Due to the size of the universe of users to manage the EPO and Active Directory will consume considerable time , therefore the most effective solution is to administer a single group and not have to load in the EPO group , would have some idea if I'm ignoring any settings that allow me to use the AD groups to implement policies?

           

          Thanks, (sorry for my Horrible english)

          • 2. Re: Implementacion DLP 9.3

            Active Directory can take up to 8 hours to replicate membership changes. If you are using AD Groups in User Assignment Groups and added user IDs to the AD groups, wait for up to 8 hours.

            If the computer is plugged in to an ethernet port, log off and a log in typically updates the AD membership changes on the local computer immediately.

            1 of 1 people found this helpful
            • 3. Re: Implementacion DLP 9.3
              Parachute

              A little hint:

              If you change the group membership of a user - for example - you put the user in a special "dlp-group" in active directory,

              enforce policies from the epo agent (client) and then relog the user. If you won't relog the user, the new group membership will not be recogniced at client side.

              • 4. Re: Implementacion DLP 9.3
                nelson

                Thanks for the help, im now testing and is working, i thought that the replication was inmediate

                1 of 1 people found this helpful