How the User Groups index process works in Data Loss Prevention

Article ID: 159570

Products

Data Loss Prevention Enforce

Issue/Introduction

Symantec Data Loss Prevention Enforce

You define User Groups on the Enforce Server.
User Groups contain user identity information you populate by synchronizing the Enforce Server with a group directory server (Microsoft Active Directory).

Resolution

First, create a Group Directories connection to connect the Enforce Server to the AD LDAP server.

When you create a User Group, it shows immediately.

When you create or change a User Group, select “Refresh the group directory index on Save”.
Once you click Save, the User Group profile is updated with the latest index replication.

You do not have to index each time. 
You control when you want to index.
If you change the Group GUID, then you need to re-index. 
You can set the Group Directories connection to “never” and only do the index through the User Groups when it is required.

The index process saves the information locally on the Enforce Server as an encrypted RDX file in the ..\Protect\index folder.
The RDX file is later pushed to the Detection servers.

The AD cache is stored on the Endpoint Agent in the SQLite grp.ead database.