I am in a multi-domain enviroment with one ePO. 4.6.7 DLP 9.3
One of the things I am trying to do is roll out a read only policy thru each domain. Right now I have a UAG with domain users for each domain with local users added to the UAG
I built a rule that has a user assignment group (UAG) with just one domain users and have hit the local users button.
It seems when i did that it blocks local users across ALL domains. What would be the best way of block local users in just key domains. And allowing local users in other domains to write to DVD/CD.
Should I just block Local users at the computer assignemnt and assign to the system tree where I want it level instead of at the UAG level ?
Local Users are users who log in locally to a computer. Local Users have nothing to do with domains.
From a security perspective, users shouldn't be logging in as Local Users anyway (tracking, accountability, non-repudiation etc. becomes very difficult)
Message was edited by: vimalnavis on 7/16/14 11:16:13 AM CDT