Use Smart Rules to Assign Policy

After you add and upload a policy to BeyondInsight from the Policy Editor (if you are using the MMC Policy Editor), log in to your BeyondInsight instance to create Smart Rules to assign policies for assets and users.

If BeyondInsight and Endpoint Privilege Management for Windows are successfully communicating, the Endpoint Endpoint Privilege Management option becomes available under Menu > Assets.

Create a Smart Rule to Assign Policy to Assets

  1. From the left menu in your BeyondInsight instance, click Smart Rules.
  2. Click Create Smart Rule.

Create New Smart Rule to Assign Policies to Assets

  1. From the Category dropdown, select Assets and Devices.
  2. Type a name and description for the Smart Rule.
  3. In the Selection Criteria section, design a query to create a list of assets you want to assign policy to.

For this example, we can narrow down the results of our query to locate our test system, NN-1K12RBR. Choose to match ALL criteria and select Asset fields > Asset Name > contains > NN-1K12RBR.

  1. From the Actions dropdown, select Deploy Endpoint Privilege Management Policy.
  2. Click Select Policies for Deployment.
  3. The Endpoint Endpoint Privilege Management policies you uploaded from Endpoint Privilege Management for Windows are listed. Click + to add the policy, and then click Accept Changes.
  4. Click Create Smart Rule.

 

For more information about creating and organizing Smart Rules, see Use Smart Rules to Organize Assets in the BeyondInsight User Guide.

Create a Smart Rule to Assign Policy to Users

  1. From the left menu in your BeyondInsight instance, click Smart Rules.
  2. Select Policy User from the dropdown.
  3. Click Create Smart Rule +.

Create a new Smart Rule to assign policies to users.

  1. From the Category dropdown, select Policy Users.
  2. Type a name and description for the Smart Rule.
  3. In the Selection Criteria section, design a directory query to create a list of users you want to assign policy to.
  4. From the Actions dropdown, select Deploy Endpoint Privilege Management Policy.
  5. Click Select Policies for Deployments.
  6. The Endpoint Endpoint Privilege Management policies you uploaded from Endpoint Privilege Management for Windows are listed. Click + to add the policy, and then click Accept Changes.
  7. Click Create Smart Rule.

 

For more information about managing policies for EPM, see Manage EndPoint Endpoint Privilege Management Policies in the BeyondInsight User Guide.

Grant Users Permissions to Log in to the Policy Editor

If you want to grant additional users access to log in to the Policy Editor, read and write access must be included on the Endpoint Privilege Management for Windows assets. Add this access by including permissions in the Smart Rule.

  1. From the homepage in your BeyondInsight instance, click Configuration.
  2. Under Role Based Access, select User Management.
  3. Locate the group you want to edit and click the menu to the far right.
  4. Select View Group Details.

Screenshot of assigning permissions to a Smart Group in BeyondInsight.

  1. In the Group Details pane, click Smart Groups.
  2. In the Smart Groups Permissions pane, select the appropriate Smart Group.
  3. Click Assign Permissions above the grid.
  4. Select Assign Permissions Full Control.