Policies and Templates

A Privilege Management for Windows policy is made up of one or more items from the following groups. Each of these groups can be a node in Privilege Management Settings:

  • Workstyles: A Workstyle is part of a policy. It's used to assign Application Rules for users. You can create Workstyles by using the WorkStyle Wizard or by importing them.
  • Application Groups: Application Groups are used by Workstyles to group applications together to apply certain Privilege Management for Windows behavior.
  • Content Groups: Content groups are used by Workstyles to group content together to apply certain Privilege Management for Windows behavior.
  • Messages: Messages are used by Workstyles to provide information to the end user when Privilege Management for Windows has applied certain behavior that you've defined and need to notify the end user.
  • Custom Tokens: Custom tokens are used by Workstyles to assign custom privileges to content or Application Groups.

Users

Disconnected users are fully supported by Privilege Management for Windows. When receiving policies from McAfee ePO, Privilege Management for Windows automatically caches all the information required to work offline, so the settings are still be applied if the client is not connected to the corporate network. Any changes made to the policy do not propagate to the disconnected computer until the McAfee Agent reestablishes a connection to the ePO Server.

Policies

Privilege Management for Windows policies are applied to one or more endpoints. The Policy Summary screen summaries for the number of Workstyles, Application Groups, target URL groups, target Content Groups, messages, tokens and licenses in the policy. As this is a blank policy, all summaries will be zero.

Each item summary includes an Edit <Item> button, which allows you to jump to that section of the policy.

Privilege Management for Windows incorporates an autosave, autosave recovery, and concurrent edit awareness feature to reduce the risk or impact of data loss and prevent multiple users from overwriting individual polices.

A Privilege Management for Windows template is a configuration that is merged with your existing policy. A template also consists of any number of Workstyles, Application Groups, Content Groups, messages, and custom tokens.

Edit Group Policy

To edit policy, we recommend you use the Group Policy Management snap-in. Once you install the Privilege Management Policy Editor, the Privilege Management for Windows settings are available in the Group Policy Management snap-in. The Group Policy Management snap-in can be accessed from the Microsoft Management Console or Group Policy Management editor.

If you want to create local policy to administer your endpoints, you can use the Privilege Management snap-in in the Microsoft Management Console or the Local Group Policy Editor. This creates a local policy only.