DeviceLock Consoles and Tools : DeviceLock Service Settings Editor : Creating or Modifying a Policy
  
Creating or Modifying a Policy
To create a new policy from scratch, just run DeviceLock Service Settings Editor and start making changes in its default (empty) policy.
If you want to modify an existing policy, you should load the DeviceLock Service settings file with that policy to DeviceLock Service Settings Editor using the Load Service Settings shortcut menu command and then make desired changes.
 
Note: The name of the settings file loaded to the editor is displayed in the caption of the console window (such as Service Settings - [date time] - DeviceLock Service Settings Editor).
If you create a new policy from scratch, you should use the Save Service Settings command from the shortcut menu to save it to a file. Alternatively, you can use the Save & Sign Service Settings command to save the policy to a file and automatically sign it with the most recent DeviceLock Certificate (the private key). The Save & Sign Service Settings command is unavailable when the DeviceLock Signing Tool has no previously loaded private key. It is also possible not to store SID (security identifiers) in the settings file (see Settings file save options).
Later files with policies created using DeviceLock Service Settings Editor can be loaded via DeviceLock Management Console and/or DeviceLock Group Policy Manager.
Also, files with policies can be sent to users whose computers are not online and thus out-of-reach via management consoles. To avoid unauthorized modification these files should be signed with the DeviceLock Certificate (the private key) using the DeviceLock Signing Tool. For more information, see Service Settings in the DeviceLock Signing Tool section of this manual.
If you modify an existing policy file, DeviceLock Service Settings Editor automatically saves your changes.
 
Note: Only settings that are explicitly defined in a policy file apply to client computers. All policy settings that have the Not Configured state are ignored by client computers.
DeviceLock Service Settings Editor is also used in the Set Service Settings plug-in of DeviceLock Enterprise Manager. This plug-in runs DeviceLock Service Settings Editor as an external application and opens it with the service settings file selected in the plug-in’s settings dialog box.
When you make any policy changes (change parameters, set permissions, define white lists, etc.) in the service settings file passed to the editor by the plug-in, DeviceLock Service Settings Editor automatically saves them to this file. As soon as you finish modifying the policy just close DeviceLock Service Settings Editor and return to the plug-in’s settings dialog box.
For more information, see Set Service Settings plug-in description in the DeviceLock Enterprise Manager section of this manual.