14 Distributing a Policy. Novell ZENworks Endpoint Security Management 4.1
Add to My manuals216 Pages
advertisement
Distributing a Policy
After you create and configure a security policy, you need to distribute it to users or computers.
The method you use to distribute policies depends on whether your ZENworks ® Endpoint Security
Management system uses the Management Service and the Policy and Distribution Service. If your system includes the two services, you publish policies and the services deliver the policies. If your system does not include the services, you export policies and then manually deliver them.
The following sections provide information for both methods:
Section 14.1, “Publishing a Policy,” on page 99
Section 14.2, “Republishing an Updated Policy,” on page 100
Section 14.3, “Exporting a Policy,” on page 102
14
14.1 Publishing a Policy
If your ZENworks Endpoint Security Management system includes the Management Service and
Policy Distribution Service, complete the following steps to publish a policy to your endpoint devices.
If your system does not include the services, you must export policies and then manually deliver
them. Skip to Section 14.3, “Exporting a Policy,” on page 102 .
To publish a policy:
1 In the Management Console, open the policy.
2 Click the Publish tab.
Distributing a Policy 99
The Policy Publish page displays the directory service trees to which the system has connections.
3 Select the users, computers, or groups to which you want to publish the policy.
Keep in mind the following:
If you select an entire domain or organizational unit, the policy is published to all users and computers within the domain or unit.
If a directory object is displayed in red, your Management Console login account does not provide rights to publish to that object.
If the directory tree does not display the users, computers, or groups to which you want to publish the policy, you might need to synchronize the Management database with the directory service. Users and computers are not added to the Management database until 1) they are synchronized from the directory service or 2) they log in via the Security Client
for the first time. For information about synchronizing the database, see Chapter 3,
“Configuring Data Synchronization Schedules,” on page 25 .
If you need to clear your selected objects, click Refresh.
4 Click Publish.
14.2 Republishing an Updated Policy
After a policy has been published to users or computers, you must republish the policy if you make any changes to it.
100 ZENworks Endpoint Security Management 4.1 Administration Guide
For example, if you change the WEP key for an access point, you need to save the policy and then publish it again. Any user or computer to which the policy was previously published receives the updated policy the next time the Security Client checks in.
1 In the Management Console, open the policy.
2 Click the Publish tab.
The Policy Publish page displays the directory service trees to which the system has connections. The icon indicates the objects to which the policy was previously published.
You do not need to reselect these objects. The policy will automatically be republished to them.
3 If there are additional users, computers, or groups to which you want to publish the policy, select those objects.
Keep in mind the following:
If you select an entire domain or organizational unit, the policy is published to all users and computers within the domain or unit.
If a directory object is displayed in red, your Management Console login account does not provide rights to publish to that object.
If the directory tree does not display the users, computers, or groups to which you want to publish the policy, you might need to synchronize the Management database with the directory service. Users and computers are not added to the Management database until 1) they are synchronized from the directory service or 2) they log in via the Security Client
for the first time. For information about synchronizing the database, see Chapter 3,
“Configuring Data Synchronization Schedules,” on page 25 .
If you need to clear your selected objects, click Refresh.
4 Click Publish.
Distributing a Policy 101
14.3 Exporting a Policy
If your ZENworks Endpoint Security Management system does not include the Management
Service and the Policy Distribution Service, you must export a policy from your stand-alone
Management Console and then manually deliver it to endpoint devices.
To export a policy:
1 Locate and copy the Management Console setup.sen
file to a separate folder.
The setup.sen
file is generated at installation of the Management Console and is placed in the
\Program Files\Novell\ESM Management Console\ directory.
2 In the Management Console, open the policy.
3 Click File > Export Policy.
4 Specify the name and location for the file, then click Export.
For the location, specify the same folder containing the setup.sen
name, specify policy.sen
.. All policies distributed must be named policy.sen
in order for the Security Client to accept them.
5 Distribute the policy.sen
and setup.sen
files to endpoint devices.
These files must be copied to the \Program Files\Novell\ZENworks Security Client directory
The setup.sen
file needs to be copied to endpoint devices only once with the first policy.
Afterwards, only new (or updated) policies need to be distributed.
NOTE: There are multiple methods you can use to distribute the policy to a Security Client located on the same machine as the standalone Management Console.
If the Security Client was installed on the machine after the standalone Management Console, the file must be exported and transferred manually as described above.
If the Security Client was installed on the machine before the standalone Management Console, you can follow the steps above to export the policy, or you can publish the policy. To publish the policy, click File > Publish.
102 ZENworks Endpoint Security Management 4.1 Administration Guide
advertisement
Related manuals
advertisement