You can use the Policy tool to do the following:
To display help for the Policy tool, you type the following command:
To export the Phase 1 policy on the GS0100 manager, type the Security Officer account, the my1pass+ password, and the export file name at the command prompt as follows:
policytool export gs0100 "Security Officer" my1pass+ phase1.xml "Phase 1"
To import a policy, use the import format and type the required values and options in a Policy tool command.
For example, to import the Phase 1 policy on the GS0200 manager, you type the Security Officer account, the my2pass+ password, and the import file name at the command prompt as follows:
policytool import gs0200 "Security Officer" my2pass+ phase1.xml
While importing a policy to a manager, the Policy tool checks for the policy name on the destination manager. If the Policy tool finds the policy name, the Policy tool prompts for a decision to overwrite the policy. If you type Yes, the Policy tool overwrites the policy on the manager. If you include the -y option in an import command, the Policy tool writes the policy on the destination manager without prompting for a decision. Symantec Enterprise Security Manager does not keep multiple copies of policies with the same name on a single manager. If different users import the same policy on the same manager, the last version of the policy overwrites all previous versions.
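Because a manager keeps only one copy of a policy per name, an import with -y replaces whatever is already there. The following PowerShell script is an added example, not part of the original documentation or the vendor's tooling: it exports the destination manager's current copy to a timestamped file before importing with -y. It assumes policytool is on the PATH; the defaults are the sample names used on this page, and the BackupDir and AllowNoBackup parameters are hypothetical.

```powershell
# Added example, not vendor code. Uses only the export/import syntax and the -y
# option shown on this page. Assumes policytool is on the PATH.
param(
    [string]$Manager    = 'gs0200',            # page's sample destination manager
    [string]$Account    = 'Security Officer',
    [string]$PolicyName = 'Phase 1',
    [string]$ImportFile = 'phase1.xml',
    [string]$BackupDir  = '.',                 # hypothetical; must already exist
    [switch]$AllowNoBackup                     # hypothetical switch for first-time imports
)

if (-not (Test-Path -LiteralPath $ImportFile -PathType Leaf)) {
    throw "Import file not found: $ImportFile"
}

# Prompt for the password so it is not saved in a script or batch file.
$secure   = Read-Host -Prompt "Password for '$Account' on $Manager" -AsSecureString
$password = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Timestamped name so an earlier backup is never overwritten.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$safeName   = $PolicyName -replace '[^A-Za-z0-9]', ''
$backupFile = Join-Path $BackupDir "$Manager-$safeName-$stamp.xml"

# 1. Export the copy that is currently on the destination manager.
& policytool export $Manager $Account $password $backupFile $PolicyName

# 2. Confirm a backup was written before anything is overwritten.
$haveBackup = (Test-Path -LiteralPath $backupFile -PathType Leaf) -and
              ((Get-Item -LiteralPath $backupFile).Length -gt 0)
if ($haveBackup) {
    Write-Host "Backed up existing '$PolicyName' to $backupFile"
} elseif ($AllowNoBackup) {
    Write-Warning "No backup written; '$PolicyName' may not exist on $Manager yet."
} else {
    throw "No backup written for '$PolicyName'; import not attempted."
}

# 3. Import without the overwrite prompt.
& policytool import $Manager $Account $password $ImportFile -y
```

The password is still passed to policytool as a command-line argument, as in the commands on this page, so it remains visible in the process list while the tool runs.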
Display conflicts using GUI components
To display conflicts using GUI components while exporting or importing policies, you use the -gui option with an export or import Policy tool command.
For example, to make GUI components report detected conflicts while exporting the policy in Example 2, you type the following:
policytool export gs0100 "Security Officer" my1pass+ phase1.xml "Phase 1" -gui
To import the policy in Example 3 using GUI components to display detected conflicts, you type the following:
policytool import gs0200 "Security Officer" my2pass+ phase1.xml -gui
To suppress conflict reporting while exporting or importing policies, use the -y or -n option in the Policy tool.
For example, to suppress detected conflicts while exporting the Phase 1 policy in Example 2, add the following command to a batch file:
policytool export gs0100 "Security Officer" my1pass+ phase1.xml "Phase 1" -y
To import the policy while suppressing detected conflicts in the GS0200 manager, you type the following:
policytool import gs0200 "Security Officer" my2pass+ phase1.xml -y
policytool export gs0100 "Security Officer" my1pass+ phase1.xml "Phase 1" -n
The -y option overwrites the conflicts and the -n option does not overwrite the conflicts while exporting.
The Policy tool exports policy files to the current directory by default. To export policy files to another directory on the computer, you specify the full path of the directory.
For example, to export the policy in Example 2 to the C:\Export directory on the GS0100 manager, you type the following:
policytool export gs0100 "Security Officer" my1pass+ "c:\export\phase1.xml" "Phase 1"
To import the policy exported in this example to the C:\Import directory on the GS0200 manager, you type the following:
policytool import gs0200 "Security Officer" my2pass+ "c:\import\phase1.xml"
To minimize the demands on network resources and the size of the exported policy files, use the -z option with the export or import command. This option compresses the .xml file into a .zip file.
For example, to export the policy in Example 2 as a zip file, you type the following:
policytool export gs0100 "Security Officer" my1pass+ phase1.zip "Phase 1" -z
To import the policy that is exported in this example to the GS0200 manager as a zip file, you type the following:
policytool import gs0200 "Security Officer" my2pass+ phase1.zip -z
To connect with a manager that is running on a Windows operating system through a different TCP port, you use the -p option followed by the TCP port number.
For example, to export the policy in Example 2 using TCP port 3812, you type the following:
policytool export gs0100 "Security Officer" my1pass+ phase1.xml "Phase 1" -p 3812