Policies can be changed in two ways with Symantec Endpoint Encryption: either through Group Policy Objects in Active Directory or through Symantec Endpoint Encryption Native Policies. If you have set up Endpoint Encryption to sync with Active Directory, the policies for all objects within Active Directory are handled through Group Policy Objects. If a client computer does not exist in Active Directory, policies can then be assigned through Native Policies. While each contains identical options, policies handled through Group Policy Objects are created and edited in quite a different manner than native policies.
Active Directory Policies
To create or edit an Active Directory policy, expand the Group Policy Management snap-in, expand your forest, expand Domains, expand the domain, and expand Group Policy Objects.
- To edit an existing GPO, right-click the GPO and select Edit.
- To create a new GPO, right-click Group Policy Objects and select New.
The Group Policy Object Editor (GPOE) will launch.
- To edit or create a computer policy, expand Computer Configuration, expand Software Settings, and expand Symantec Endpoint Encryption. Then expand Symantec Endpoint Encryption Framework and/or Symantec Endpoint Encryption Full Disk, according to your needs.
- To edit or create a user policy, expand User Configuration, expand Software Settings, and expand Symantec Endpoint Encryption. Then expand Symantec Endpoint Encryption Framework and/or Symantec Endpoint Encryption Full Disk, according to your needs.
Each Active Directory policy panel features three option buttons at the top:
- Do not change these settings: This option is the default option. It specifies that no changes to existing policies or installation settings will be made.
- Change these settings: Click this option if you want to specify a policy update. When this option is selected, the fields below it will become available. These fields will not be defaulted to the policies currently in effect; they will just display generic defaults.
- Restore the installation settings: Click this option to apply a policy that instructs the client to disregard any existing policies and return to the settings that were specified in its installation package.
When the Change these settings option is selected, your entries are validated when you click away from the panel. Any incorrect entries will be highlighted in red, and the icon for the panel, as shown in the navigation tree of the GPOE window, will change to a warning icon to remind you to return to that panel and make the necessary corrections before closing the GPOE window.
For a detailed discussion of the options that will become available when the Change these settings option is selected, refer to “Policy Options” on page 17 of the SEE-FD Policy Administration Guide.
To create a native policy, right-click the Symantec Endpoint Encryption Native Policy Manager and select Create New Policy.
When naming a policy, observe the following:
- Each name must be unique and cannot have been assigned to any other native policy.
- Names are case-insensitive.
- Leading and trailing spaces will be deleted.
To edit a native policy, expand the Symantec Endpoint Encryption Native Policy Manager. Locate the policy that you want to edit and highlight it.
To assign the policy, right-click on the Symantec Endpoint Encryption Managed Computers group and choose Assign Policy to Group.
Policy Administration Guide - 3. Policy Creation and Editing