15 Importing and Exporting Policies. Novell ZENworks Endpoint Security Management 4.1
Add to My manuals216 Pages
advertisement
Importing and Exporting Policies
If you need to send policies to another ZENworks
®
Endpoint Security Management system, or if you want to back up your policies, you can export them. You can also import policies you receive or policies you export for backup purposes.
15
The following sections contain instructions:
Section 15.1, “Importing Policies,” on page 103
Section 15.2, “Exporting a Policy,” on page 103
IMPORTANT: For information about exporting polices to distribute to endpoint devices, see
Chapter 14, “Distributing a Policy,” on page 99 .
15.1 Importing Policies
A policy can be imported from any file location on the available network.
1 In the Management Console, click File > Import Policy.
If you are currently editing or drafting a policy, the editor closes the policy (prompting you to save it if necessary) before opening the Import a Policy dialog box.
2 In the File Name & Location field, click the browse button to select the policy file to import.
3 Click Import.
After the policy is imported, it can be further edited or immediately published.
15.2 Exporting a Policy
Policies can be exported from the Management Console and distributed via e-mail or through a network share. This lets you share policies between two or more ZENworks Endpoint Security
Management systems.
To export a policy:
1 In the Management Console, make sure the policy you want to export is open.
2 Click File > Export.
3 In the File Name & Location field, specify a destination and give the policy a name with an extension of .sen
(for example, C:\Desktop\salespolicy.sen
) If necessary, click the browse button to browse to a location.
4 Click Export.
Two files are exported. The first file is the policy ( *.sen
file). The second file is the setup.sen
file, which is required to decrypt the policy at import.
Exported policies must be imported into a Management Console before they can be published to managed users.
Importing and Exporting Policies 103
104 ZENworks Endpoint Security Management 4.1 Administration Guide
Security Client
The ZENworks
®
Endpoint Security Management Client, referred to as the Security Client, enforces security policies on endpoint devices.
The following sections provide information to help you manage the Security Client. For information about using the Security Client, see the ZENworks Endpoint Security Client for Windows 2000/XP
User Guide and the ZENworks Endpoint Security Client for Windows Vista/7 User Guide .
Chapter 16, “About the Security Client,” on page 107
Chapter 17, “Installing the Security Client,” on page 113
Chapter 18, “Updating the Security Client,” on page 115
Chapter 19, “Uninstalling the Security Client,” on page 117
Chapter 20, “Using the Security Client Diagnostic Tools,” on page 121
III
Security Client 105
106 ZENworks Endpoint Security Management 4.1 Administration Guide
advertisement
Related manuals
advertisement
Table of contents
- 1 ZENworks Endpoint Security Management 4.1 Administration Guide
- 5 Part I System Configuration and Maintenance 13
- 5 1 Managing Directory Service Connections 15
- 5 2 Changing the Policy Distribution Service URL 23
- 5 3 Configuring Data Synchronization Schedules 25
- 5 4 Forcing Data Synchronization 27
- 5 5 Managing Directory Service Objects that Have Moved 29
- 5 6 Renewing ZENworks Endpoint Security Management Credentials 31
- 5 7 Managing Encryption Keys 33
- 5 8 Applying a License Key 35
- 5 Part II Security Policies 37
- 5 9 Creating a Security Policy 39
- 5 10 Configuring a Policy’s Global Settings 41
- 6 11 Configuring a Policy’s Locations 61
- 6 12 Configuring a Policy’s Integrity and Remediation Rules 87
- 6 13 Configuring a Policy’s Compliance Reporting 97
- 6 14 Distributing a Policy 99
- 6 15 Importing and Exporting Policies 103
- 6 Part III Security Client 105
- 6 16 About the Security Client 107
- 7 17 Installing the Security Client 113
- 7 18 Updating the Security Client 115
- 7 19 Uninstalling the Security Client 117
- 7 20 Using the Security Client Diagnostic Tools 121
- 7 Part IV Auditing 137
- 7 21 Generating Standard Reports 139
- 8 22 Generating Custom Reports 147
- 8 23 Using Alerts Monitoring 157
- 8 Part V Utilities 161
- 8 24 ZENworks File Decryption Utility 163
- 9 25 Override-Password Key Generator 165
- 9 26 Device Scanner 167
- 9 Part VI Appendixes 169
- 9 A Predefined TCP/UDP Port Groups 171
- 9 B Predefined Access Control Lists 173
- 9 C Predefined Application Controls 175
- 9 D Advanced Scripting Rules 177
- 9 E Shared Component Usage 215
- 11 About This Guide
- 13 I System Configuration and Maintenance
- 15 1 Managing Directory Service Connections
- 15 1.1 Creating a Directory Service Configuration
- 15 1.1.1 Defining eDirectory as the Directory Service
- 18 1.1.2 Defining Active Directory as the Directory Service
- 21 1.2 Synchronizing the Management Database with the Directory Service
- 21 1.3 Removing a Directory Service Configuration
- 23 2 Changing the Policy Distribution Service URL
- 25 3 Configuring Data Synchronization Schedules
- 27 4 Forcing Data Synchronization
- 29 5 Managing Directory Service Objects that Have Moved
- 31 6 Renewing ZENworks Endpoint Security Management Credentials
- 33 7 Managing Encryption Keys
- 33 7.1 Exporting Encryption Keys
- 33 7.2 Importing Encryption Keys
- 34 7.3 Generating a New Key
- 35 8 Applying a License Key
- 37 II Security Policies
- 39 9 Creating a Security Policy
- 41 10 Configuring a Policy’s Global Settings
- 41 10.1 Accessing the Global Settings
- 42 10.2 Policy Settings
- 44 10.3 Wireless Control
- 46 10.4 Communication Hardware
- 47 10.5 Storage Device Control
- 49 10.6 USB Connectivity
- 49 10.6.1 How the Access Setting Is Determined
- 50 10.6.2 Configuring the USB Connectivity Settings
- 53 10.7 Data Encryption
- 54 10.7.1 Configuring the Data Encryption Settings
- 56 10.7.2 Data Encryption Performance Impact
- 56 10.8 ZSC Update
- 57 10.9 VPN Enforcement
- 61 11 Configuring a Policy’s Locations
- 61 11.1 Location Concepts
- 62 11.2 Adding a Location
- 63 11.3 Configuring a Location
- 65 11.3.1 Locations
- 66 11.3.2 Communication Hardware
- 68 11.3.3 Storage Device Control
- 69 11.3.4 Firewall Settings
- 76 11.3.5 Network Environments
- 78 11.3.6 USB Connectivity
- 82 11.3.7 Wi-Fi Management
- 86 11.3.8 Wi-Fi Security
- 87 12 Configuring a Policy’s Integrity and Remediation Rules
- 87 12.1 Antivirus/Spyware Rules
- 89 12.1.1 Integrity Tests
- 91 12.1.2 Integrity Checks
- 92 12.2 Advanced Scripting Rules
- 94 12.2.1 Script Variables
- 95 12.2.2 Script Text
- 97 13 Configuring a Policy’s Compliance Reporting
- 99 14 Distributing a Policy
- 99 14.1 Publishing a Policy
- 100 14.2 Republishing an Updated Policy
- 102 14.3 Exporting a Policy
- 103 15 Importing and Exporting Policies
- 103 15.1 Importing Policies
- 103 15.2 Exporting a Policy
- 105 III Security Client
- 107 16 About the Security Client
- 107 16.1 What the Security Client Does
- 107 16.2 Security Client Differences Based on Windows Version
- 110 16.3 Security Client Self Defense
- 111 16.4 Multiple-User Support
- 111 16.5 Machine-Based Policies
- 113 17 Installing the Security Client
- 115 18 Updating the Security Client
- 115 18.1 Using a Policy’s ZSC Update Setting
- 115 18.2 Using the Installation Program’s Upgrade Switch
- 115 18.3 Using an MSI Uninstall and Reinstall
- 117 19 Uninstalling the Security Client
- 117 19.1 Preparing a Machine for Client Uninstallation
- 117 19.2 Performing an Attended Uninstall
- 118 19.3 Performing an Unattended (Silent) Uninstall
- 121 20 Using the Security Client Diagnostic Tools
- 121 20.1 Windows 2000/XP Security Client Diagnostics Tools
- 121 20.1.1 Creating a Diagnostics Package
- 123 20.1.2 Administrator Views
- 127 20.1.3 Logging
- 128 20.1.4 Reporting
- 129 20.2 Windows Vista/7 Security Client Diagnostic Tools
- 129 20.2.1 Creating a Diagnostics Package
- 131 20.2.2 Administrator Views
- 134 20.2.3 Module List
- 135 20.2.4 Logging
- 137 IV Auditing
- 139 21 Generating Standard Reports
- 139 21.1 Generating a Report
- 141 21.2 Adherence Reports
- 141 21.2.1 Endpoint Check-In Adherence
- 141 21.2.2 Endpoints that Never Checked-In
- 141 21.2.3 Group Policy Non-Compliance
- 141 21.2.4 Policy Assignment
- 141 21.2.5 Endpoint Check-In Adherence
- 142 21.3 Alert Drill-Down Reports
- 142 21.3.1 Client Tampering Alert Data
- 142 21.3.2 Files Copied Alert Data
- 142 21.3.3 Override Attempts Alert Data
- 142 21.3.4 Port Scan Alert Data
- 142 21.3.5 Uninstall Attempt Alert Data
- 142 21.3.6 Unsecure Access Point Alert Data
- 142 21.4 Application Control Reports
- 143 21.4.1 Application Control Details
- 143 21.5 Endpoint Activity Reports
- 143 21.5.1 Blocked Packets by IP Address
- 143 21.5.2 Blocked Packets by User
- 143 21.5.3 Network Usage Statistics by User
- 143 21.5.4 Network Usage Statistics by Adapter Type
- 144 21.6 Encryption Solutions Reports
- 144 21.6.1 File Encryption Activity
- 144 21.6.2 Encryption Exceptions
- 144 21.7 Client Self Defense Reports
- 144 21.7.1 Endpoint Security Client Hack Attempts
- 144 21.8 Location Reports
- 144 21.8.1 Location Usage Data by Date and User
- 145 21.9 Outbound Content Compliance Reports
- 145 21.9.1 Removable Storage Activity by Account
- 145 21.9.2 Removable Storage Activity by Device
- 145 21.9.3 Detected Removable Storage Devices
- 145 21.9.4 Chart 7 Days of Removable Storage Activity by Account
- 145 21.10 Administrative Overrides Reports
- 145 21.10.1 Security Client Overrides
- 146 21.11 USB Devices Reports
- 146 21.12 Wireless Enforcement Reports
- 146 21.12.1 Wireless Connection Availability
- 146 21.12.2 Wireless Environment History
- 147 22 Generating Custom Reports
- 147 22.1 Software Requirements
- 148 22.2 Creating a ZENworks Endpoint Security Management Compliant Report
- 149 22.3 Available Reporting Information
- 151 22.4 Creating a Report
- 157 23 Using Alerts Monitoring
- 157 23.1 Configuring Endpoint Security Management for Alerts
- 157 23.1.1 Activating Reporting
- 158 23.1.2 Optimizing Synchronization
- 158 23.2 Configuring Alert Triggers
- 159 23.3 Managing Alerts
- 161 V Utilities
- 163 24 ZENworks File Decryption Utility
- 163 24.1 Using the File Decryption Utility
- 163 24.2 Using the Administrator Configured Decryption Utility
- 165 25 Override-Password Key Generator
- 167 26 Device Scanner
- 169 VI Appendixes
- 171 A Predefined TCP/UDP Port Groups
- 173 B Predefined Access Control Lists
- 175 C Predefined Application Controls
- 177 D Advanced Scripting Rules
- 177 D.1 Supported Script Languages
- 177 D.2 Rule Scripting
- 178 D.3 Trigger Events
- 180 D.4 Script Namespaces
- 180 D.4.1 General Enumerations and File Substitutions
- 182 D.4.2 Action Namespace
- 188 D.4.3 Query Namespace
- 198 D.4.4 Storage Namespace
- 200 D.5 Interfaces
- 200 D.5.1 IClientAdapter Interface
- 202 D.5.2 IClientEnvData Interface
- 203 D.5.3 IClientNetEnv Interface
- 209 D.5.4 IClientWAP Interface
- 209 D.5.5 IClientAdapterList Interface
- 210 D.6 Sample Scripts
- 210 D.6.1 Create Registry Shortcut (VBScript)
- 212 D.6.2 Allow Only One Connection Type (JScript)
- 213 D.6.3 Stamp Once Script
- 215 E Shared Component Usage