Policy Application Scenarios: Required Configuration Steps

There are two main scenarios for applying DeviceLock Enterprise Server policies to client computers. The scenarios also describe configuration steps needed for successful policy enforcement.

In this scenario, the pre-configured agent (DeviceLock Service) running on a client computer connects to a specified DeviceLock Enterprise Server and receives the appropriate policy. Before you start to use this scenario, make sure that you have set the following service options:

•DeviceLock Enterprise Server(s) - Specifies a list of servers that DeviceLock Service can connect to.

•Policy Source(s) - Specifies the policy application mode for DeviceLock Service.

The following procedures provide instructions for setting these options.

1. If you use DeviceLock Management Console, do the following:

a) Open DeviceLock Management Console and connect it to the computer running DeviceLock Service.

If you use DeviceLock Service Settings Editor, do the following:

If you use DeviceLock Group Policy Manager, do the following:

b) In the console tree, expand Computer Configuration, and then expand DeviceLock.

When you select Service Options in the console tree, they are displayed in the details pane.

•Right-click DeviceLock Enterprise Server(s), and then click Properties.

4. In the DeviceLock Enterprise Server(s) list, double-click the Servers field next to the Everyone account, and then type the name or IP address of the computer running DeviceLock Enterprise Server. You can enter multiple names or IP addresses by separating them with a semicolon (;).

Policies can be received only from the servers assigned to the Everyone account.

Note: Make sure that DeviceLock Enterprise Server is properly installed and accessible to DeviceLock Service.

To make changes to the Servers field, double-click that field (another option is to click Edit or press F2).

1. If you use DeviceLock Management Console, do the following:

a) Open DeviceLock Management Console and connect it to the computer running DeviceLock Service.

If you use DeviceLock Service Settings Editor, do the following:

If you use DeviceLock Group Policy Manager, do the following:

b) In the console tree, expand Computer Configuration, and then expand DeviceLock.

When you select Service Options in the console tree, they are displayed in the details pane.

•Right-click Policy Source(s), and then click Properties.

4. In the Policy Source(s) dialog box, click any of the following options:

•Local & GPO - Indicates that a client computer applies either Group Policy or local computer policy, while the DeviceLock Enterprise Server policy is ignored.

•Local & Enterprise Server - Indicates that a client computer applies either the DeviceLock Enterprise Server policy or local computer policy, while Group Policy is ignored.

When these settings are set, you can configure DeviceLock Enterprise Server to send the appropriate policy to agents. For more information, see the Managing DeviceLock Policies section.

In this scenario, the previously installed agent has been updated to the latest version (with DeviceLock Enterprise Server policies) and can now receive the DeviceLock Enterprise Server policy in the server-push mode. This scenario requires that the following condition is met:

•The Policy Source(s) service parameter is either not specified or is set to Local & Enterprise Server.

For more information on the Policy Source(s) parameter, see the procedure To configure Policy Source(s) earlier in this section.

For more information on the server-push procedure, see the Immediately Applying Policies to Client Computers section later in this document.