The Policy Rules tool allows an administrator to automatically assign policies to client workstations in a more comprehensive way. Rules are applied immediately after the client connects to the server; they have priority over the Default Primary Clients Policy and over manual assigning. The Default Primary Clients Policy only applies if the client does not fall under any current rules. Likewise, if there is a manually assigned policy to be applied and it is in conflict with the policy rules, the configuration forced by the policy rules will take precedence.
Policy rules have a tab within the Policy Manager, where they can be created and managed. The process of creation and application is very similar to that of rule creation and management in email clients: each rule can contain one or more criteria, the higher the rule is in the list, the more important it is (it can be moved up or down).
To create a new rule, click the New... button. Then enter a Name, Description, Client filter parameter and Policy (a policy that will be applied to any clients matching the specified criteria).
To configure the filtering criteria, click the Edit button.
The available criteria are:
(NOT) FROM Primary Server if (not) located on primary server
IS (NOT) New Client if it is (not) a new client
HAS (NOT) New Flag applies to clients with/without the New Client flag.
Primary Server (NOT) IN (specify) if name of the primary server contains/does not contain...
ERA GROUPS IN (specify) if client belongs to the group
ERA GROUPS NOT IN (specify) if client does not belong to the group
DOMAIN/WORKGROUP (NOT) IN (specify) if client belongs/does not belong to the domain
Computer Name Mask (specify) if computer name is ....
HAS IP Mask (specify) if client belongs to the group defined by the IP address and mask
HAS IP Range (specify) if client belongs to the group defined by the IP range
HAS (NOT) Defined Policy (specify) if client does (or does not) adopt the policy
Product Name (NOT) IN - if product name is...
Product Version IS (NOT) - if product version is...
Client Custom Info Mask (NOT) IN - if Client Custom Info contains...
HAS (NOT) Protection Status (specify) - if client´s protection status is...
Virus Signature DB Version IS (NOT) - if virus signature database is...
Last Connection IS (NOT) older than (specify) - if last connection is older than...
IS (NOT) Waiting For Restart - if client is waiting for restart
Policy rules can be imported/exported from/to an .xml file and they can also be created automatically by using the Policy Rules Wizard, which allows you to create a policy structure based on the existing group structure and map created policies to groups by creating correspondent policy rules. For more information on importing/exporting policy rules see chapter titled Importing/Exporting policies.
To remove a policy rule, click the Delete button from the Policy Manager window. Click Run Policy Rules Now if you want to immediately apply all rules.