Policies and Templates

A Privilege Management for Mac policy is made up of one or more items from the following groups. Each of these groups can be a node in Privilege Management Settings:

  • Workstyles: A Workstyle is part of a policy. It's used to assign Application Rules for users. You can create Workstyles by using the WorkStyle Wizard or by importing them.
  • Application Groups: Application Groups are used by Workstyles to group applications together to apply certain Privilege Management for Mac behavior.
  • Messages: Messages are used by Workstyles to provide information to the end user when Privilege Management for Mac has applied certain behavior you have defined and needs to notify the end user.


Disconnected users are fully supported by Privilege Management for Mac. When receiving policies from McAfee ePO, Privilege Management for Mac automatically caches all the information required to work offline, so the settings will still be applied if the client is not connected to the corporate network. Any changes made to the policy will not propagate to the disconnected computer until the McAfee Agent reestablishes a connection to the ePO Server.


Privilege Management for Mac policies are applied to one or more endpoints. The Policy Summary screen summaries for the number of Workstyles, Application Groups, and Messages in the policy. As this is a blank policy, all summaries will be zero.

Each item summary includes an Edit <Item> button, which allows you to jump to that section of the policy.

Privilege Management for Mac incorporates an autosave, autosave recovery, and concurrent edit awareness feature to reduce the risk or impact of data loss and prevent multiple users from overwriting individual polices.

A Privilege Management for Mac template is a configuration that is merged with your existing policy. A template also consists of any number of Workstyles, Application Groups, Content Groups, Messages, and Custom Tokens.

Edit Group Policy

To edit policy, we recommend you use the Group Policy Management snap-in. Once you have installed the Privilege Management Policy Editor, the Privilege Management for Mac settings are available in the Group Policy Management snap-in. The Group Policy Management snap-in can be accessed from the Microsoft Management Console or Group Policy Management editor.

If you want to create local policy to administer your endpoints, you can use the Privilege Management snap-in in the Microsoft Management Console or the Local Group Policy Editor. This will create a local policy only.