Create the rules in DLP Policy and Apply to ePO.
Go to Policy Catalog and assign the rules using Computer based assignment.
So if I have 5 groups under system tree with different policy settings I need to create 5 policies under DLP and then assign it to individual group in system tree right?
Also if I were to allow, let's say CD writing on a particular PC on a temporary basis, what is the best approach to achieve this?
You can reuse the same policy on multiple groups. You need not create more than 1 Computer Assignment Policy for one requirement.
Create a separate Computer Assignment Policy for temporary use. Assign it as needed and reassign the correct policy after the temporary use.
I have followed the following steps.
Create a computer assignment group with DLPE 9.x:
- Log on to the ePO 4.x console.
- Click Menu, Policy, Policy Catalog.
- Select Data Loss Prevention 9.x.x.x:Policies from the Product drop-down list.
- Select Computers Assignment Group from the Category drop-down list.
- Click the Duplicate link under the Actions column for the McAfee Default Computers Assignment entry.
- Rename the Policy.
- Click the name of the new policy and enable the required rules.
NOTE: You must create new rules via the DLP Policy interface.
I am stuck at step 7. To enable the rules, I need to go to DLP Policy interface. Under this interface how do I load the newly created computer assignment group created in the above step 5.
Now when I click on the newly created computer assignment group, I see the attached screen. How to proceed further? The attached screen is again giving me the option to duplicate the policy.
Message was edited by: avilt on 7/9/14 9:23:02 AM CDT
DLP Screen.png 66.8 K
You need to refer to the ePO Product Guide to understand how to break inheritence and apply a policy to different parts of the system tree.
Step 7 here is talking about checking the rule for Logged in or Local users (enabling/enforcing them for the system tree location this policy is applied to).
You create rules in an enabled state in the DLP Policy and then use either User or Computer assignment to enforce the rules to users or computers respectively.