Managing Offline Audit, Shadowing and Alerts for Devices

DeviceLock Security Policies (Offline Profile) : Managing Offline Security Policies for Devices : Managing Offline Audit, Shadowing and Alerts for Devices

For details on the Auditing & Shadowing feature, see Auditing, Shadowing & Alerts (Regular Profile). For details on the Alerts feature, see Alerts. For information about how to enable online (regular) alerts, see Auditing, Shadowing & Alerts (Regular Profile). For information about how to enable offline alerts, see Enabling offline alerts.

Offline audit, shadowing rules and alerts can have one of the following states:

•Not Configured - Offline audit, shadowing rules, and alerts are not defined for the device type.

•Configured - Offline audit, shadowing rules and/or alerts are defined for the device type.

•No Audit - Offline settings for the device type do not allow audit, shadowing, and alerts for any accounts.

•Use Regular - Inheritance of offline audit and shadowing rules is blocked and regular audit and shadowing rules are enforced. Offline DeviceLock Service settings can have this state only in DeviceLock Service Settings Editor or DeviceLock Group Policy Manager.

The enforcement of regular rules is helpful when using Group Policy or DeviceLock Service settings files (.dls) to deploy DeviceLock policies throughout the network as this kind of enforcement can be used to prevent offline rules inherited from a higher level from being applied to a specific group of client computers at a lower level.

For more information on the enforcement of regular rules, see Removing offline audit and shadowing rules.

Managing offline audit, shadowing rules and alerts involves the following tasks:

• Defining and editing offline audit and shadowing rules

• Enabling offline alerts

• Undefining offline audit and shadowing rules

• Removing offline audit and shadowing rules