Policies is integral part of any any Trigger-it deployment, and it allows administrators to set and control Trigger-it Agent settings and define certain policies to control security settings.
Understanding Policies
Policies are comprised of the following:
- Policy Element: an individual policy settings that control specific setting or defines a blocking/bandwidth setting for example.
- Policy Group: Groups elements together and assigns them to a certain tag or a computer.
Available Policy Elements
Inventory Interval: This sets the interval of Software and Hardware inventory cycles.
Remote URL: This sets the FQDN of Trigger-it remote control server, this could be an HTTP/HTTPs in IP or FQDN format, it must be entered as http://<SERVERNAME> or http://<IP> or https://<SERVERNAME> or https://<IP>
Filtering Settings: This allows you to enabled or disabled monitoring settings and information that agents collects including Network monitoring, EXE monitoring, Application White-listing, Users Behavior Analysis and Print monitoring
Block Traffic: This allows you to block traffic to certain IPs, TCP ports, UDP ports.
Bandwidth Control: Allows you to set a bandwidth limit to certain EXEs and prevents them from exceeding the defined bandwidth limit.
Block EXE: Allows you to block files based on certain file names, it works even if the file was renamed.
Agent Settings: Allows you to define Sandbox server URL and SMTP server settings used by Trigger-it services and agents to send email notifications.
Print Policy: Allows you to control printing on managed endpoints and define block printing on certain printers, allows printing on certain printers, define number of black and white and color pages to be printed per days or blocking printing.
Add SMTP Recipient: Allows you to add email addresses which will receive email notifications from Trigger-it
Policy Assignments
You can assign a policy to unlimited numbers of tags or computers, but each tag level or computer can have only 1 policy assigned.
Trigger-it doesn’t contain policy aggregation or override, rather it simplify the process by assigning policies in the following order:
- Policies assigned to an agent directly.
- Policy assigned to Tag level 1
- Policy assigned to Tag level 2.
- Policy assigned to Tag level 3.
- Policy Assigned to Tag level 4.
If a policy is found at a certain level, policy processing stops and applies this policy and its settings and no further policies are processed.
Creating Policies
Policies can be created from the policies section, there are multiple views:
- Policy Assignments: shows current policy assignments for Tags and PCs.
- Policy Groups: shows currently created policy groups and included policy elements.
- Policy Elements: Shows the currently created policy assignments which could be reused across policy groups and assignments multiple times.
Policy Assignment View
The policy assignment view shows the currently assigned policy groups and where they are assigned either to a tag or to a PC.
The below example, the policy assignment view shows that there is a policy called HQ and assigned to a tag called HQ as well, additional the view shows the current policy watermark which is the latest date the policy has been updated.
From this view you can create additional policy elements or policy groups from the ribbon menu:
Newly created policy elements are not assigned by default, you must include them into a policy group to update the clients with the new policy.
To do so, select a policy group and choose edit policy group:
This will open the policy edit menu which will allow you to remove policy elements from the policy group or include additional policy element in the policy group.
You can multi-select policy elements from the right panel and include it in the policy group, also you can refresh the policy elements if there was a newly created policy element that is not currently displayed.
Once you select save the policy group the policy watermark will be updated and clients who refresh their policy will receive the policy immediately.
You can trigger a policy update action from the endpoints section:
Deleting a Policy Group
You can delete a policy group by selecting a policy group and choosing Delete Policy Group from the ribbon menu.
This will delete the policy group and its assignment but will not delete the included policy elements.
Deleting Policy Elements
You can delete a policy element by opening the policy element view and select policy elements and choosing delete policy element from the ribbon menu:
This will remove the policy element and will remove it from any policy group and assignment and policies will be updated with a new watermark to reflect the changes to client computers.