Policies

On the Policies page, you can see and action current policies.

The Polices page also provides access points to the Policy Editor where you configure the policy.

Overview

Policies page in EPM

On the Policies page,

  • Create a policy
  • View policy details where you can keep track of policy revisions and drafts
  • Assign a policy to a computer group
  • Revert and discard changes to a policy
  • Delete a policy

 

Create a Policy

There are different ways to create and edit a policy:

  • Use the EPMPolicy Editor.
  • Use an XML file that contains policy configuration.

A standard user requires delegated access to the Policies page. For more information, see Review EPM Roles.

Use the Policy Editor

Use a QuickStart template for macOS or Windows to get started. You can then customize the template to suit your requirements.

  1. Go to Policies.
  2. Click Create Policy.
  3. Select one of the following:
    • QuickStart for Windows: A template with Workstyles, Application Groups, messages, and Custom Tokens already configured.
    • QuickStart for Mac: A template with Workstyles, Application Groups, and messages already configured.
    • Server Roles: The Server Roles policy contains Workstyles, Application Groups, and Content Groups to manage different server roles such as DHCP, DNS, IIS, and Print Servers.
    • Blank: Select to create a policy without any existing framework. There are no preconfigured settings in this template.
  4. Enter a name and description.
  5. Click Create Policy.

The Policy Editor opens to the Workstyles page. At this point, configure the Workstyle, Application Groups, Application Rules, and other policy configuration as required for your organization.

For more information about QuickStart templates, see Use Quickstart Templates.

Upload a File to Create Policy

You can upload an XML policy file in EPM when you first create the policy.

To upload an XML file for a new policy:

Select Import Policy to upload an XML policy file.

  1. Go to Policies.
  2. Click Create Policy.
  3. Select a policy template and enter policy details.
  4. Click Create Policy.
  5. Select Utilities > Import Policy.
  6. Choose either Merge Policy or Overwrite Policy and click the box to import your XML policy. You can also drop the file to upload in the box.
  7. Click Upload File.

 

Edit a Policy

When you edit a policy, the policy is locked. Other policy administrators cannot access the policy to change the properties when the status is Locked.

You can edit more than one policy at a time. Navigate between policies to copy settings in one policy to another. This can be useful if you are working in a test policy and want to copy the details to your production policy.

  1. After you finish all updates to the policy, click Save & Unlock to save a new revision of the policy.

Save & Lock Policy panel

  1. (Optional). On the Save & Unlock dialog box, you can enter Annotation notes about the policy changes. You can also check the Assign latest revision to affected groups box to assign the latest revision to groups the policy is currently assigned to. If you select this option:
    • (Optional). Use the filter option to filter by Group Name, Computers, or Revision.
    • To apply the revision to all groups listed, at the top left of the list, check the All box next to the Group Name heading.
    • You can also select Group Names individually, by checking the box at the left of each group.
  2. Click Save & Unlock.
  3. On the sidebar menu, click Policies.
  4. Click the policy, and then select Edit & Lock Policy (or Edit Policy, if the policy is unlocked). You can also just click on the policy name.
  5. On the Policy Editor page, go to the policy property you want to change, and edit.
  6. Click Save to save a draft of the policy. Clicking Save allows you to keep the Policy Editor open to continue editing the policy.

Edit a Policy XML File

You can change the properties of a policy using the XML file and a tool of your choice.

To edit a policy XML file:

  1. Go to Policies.
  2. Find the policy, and select Download Latest Revision from the menu.
  3. Change the properties.
  4. After you finish changes, on the Policies page, select the policy, and then select Upload Revision. The updated policy is recognized as a new revision based on a unique identifier in the XML. Each time the same policy is checked in, the revision of the policy is incremented.
  5. Import the policy. You can merge with the existing or overwrite. If the XML does not pass validation, then the policy is not uploaded.
  6. On the Auto Assign Policy to Groups dialog box, select the groups to update with the new policy revision.
  7. Select Apply to Groups.

Assign a Policy to a Group

  1. Go to Policies.
  2. Find the policy, and then select Assign Policy to a Group from the menu.
  3. In the Assign Policy to a Group panel, select the revision for the policy you want to assign, and then select the group.
  4. Click Assign Policy.

View Policy Details

On the View Details page for a policy, you can download policy revisions, see the check-in and discarded date and time, see the users with policy permissions, and review activity auditing on the policy.

Auditing activity includes audit type, the user accessing the policy, and a summary of the activity.

To access policy details:

  1. Go to Policies.
  2. Click the policy, and then select View Computer Details from the menu.

Policy Revisions and Drafts

You can review the history of revisions and drafts on the policy Revision History page.

  1. Click the policy, and then select Revision History from the menu. You can also just click on the policy name.
  2. Click the Revisions or Drafts option to view more information about the changes to the policy.

Promote a Policy

If you change a policy and you want to discard those changes, you can promote a previous version of the policy.

Promote policy menu item in EPM

To promote a previous version of a policy:

  1. Go to Policies.
  2. Find the policy, and then select View Policy Details from the menu.
  3. Click Revisions.
  4. Find the revision that you want to use, and then select Promote to Latest Revision.

 

  1. On the Promote Policy to Latest Revision dialog box, you can add notes for future reference.
  2. If the policy is already applied to certain groups, you can choose to apply the latest revision now by checking the Yes, auto assign latest revision to group(s) box.

 

To auto-assign a policy revision to one or more groups, you must be an administrator user or a standard user with permissions to all the groups that are affected by the policy. If you have insufficient access permissions, the auto-assign policy feature is not accessible.

  1. Click Promote to Latest.

For more information on roles and permissions, see Review EPM Roles.

Delete a Policy

Delete a policy when it is no longer needed.

When deleting a policy:

  • The policy must be unlocked. The Delete option is not available when the policy is locked.
  • If the policy is assigned to one or more groups, then you can select a different policy and revision. If you do not select another policy, then groups are no longer controlled by policy.

To delete a policy:

  1. Go to Policies.
  2. Find the policy, and then select Delete from the menu.
  3. Click Delete Policy.

Unlock a Policy

A policy locked by a user can be unlocked. The policy is reverted to the previous version. After unlocking the policy, the user account that locked the policy can no longer save or check in changes to that policy.

You can follow these steps when a policy is checked out using the MMC snap-in.

You must be an Administrator or Policy Administrator.

To unlock and discard the changes to a policy:

  1. Go to Policies.
  2. Find the policy, and then select Revert & Discard Changes from the menu.
  3. Click Revert & Discard.

Edit Policy Properties

You can change the name and description for a policy.

The policy must be unlocked to change the properties (except if you are the one who locked the policy). When a policy is locked, the Edit Policy Properties fields are not available.

Policy Properties panel

  1. Go to Policies.
  2. Find the policy, and then select Edit Properties.
  3. After changing the details, click Save Policy Properties.

Test a Policy

Starting in version 23.1, an application rule or application definition can be enabled or disabled. If you are a policy administrator, you can create a policy and test the configuration on computers. Enable the rule or definition to test the policy. Disable the rule or definition until you are ready to roll out the policy to your production environment.

Workflow:

  • Create your app rule or app definition.
  • Set to Disabled.
  • When ready for testing, enable the rule or definition.
  • Save the change to the policy.
  • Push the policy to your computers.
  • Access your test computer to verify the policy works.

Available on Windows and macOS policies.

To enable or disable an application rule:

Enable or disable an application rule in EPM Policy Editor.

  1. Go to Application Rules.
  2. Find the rule, and then select Enabled or Disabled from the menu.

 

 

To enable or disable the application definition:

Enable or disable an application definition in Endpoint Privilege Management.

  1. Go to the Application Group.
  2. Select Enabled or Disabled from the menu.

 

For more information, see: