DeviceLock Security Policies (Offline Profile) : Managing Offline Security Policies for Devices : Managing Offline Content-Aware Rules for Devices : Defining offline Content-Aware Rules
  
Defining offline Content-Aware Rules
Content-Aware Rules are created based on either the built-in or custom content groups. For detailed information on these groups, see Configuring Content Groups.
You can enable offline alerts that are sent when a specific offline Content-Aware Rule fires. Such alerts are enabled immediately after setting up an offline Content-Aware Rule.
DeviceLock sends alerts on the basis of alert settings. These settings specify where and how the alerts should be sent. Before enabling alerts for a specific Content-Aware Rule, alert settings must be configured in DeviceLock Service options (see Alerts).
To define an offline Content-Aware Rule
1. If using the DeviceLock Management Console, do the following:
a) Open DeviceLock Management Console and connect it to the computer running DeviceLock Service.
b) In the console tree, expand DeviceLock Service.
If using DeviceLock Service Settings Editor, do the following:
a) Open DeviceLock Service Settings Editor.
b) In the console tree, expand DeviceLock Service.
If using DeviceLock Group Policy Manager, do the following:
a) Open Group Policy Object Editor.
b) In the console tree, expand Computer Configuration, and then expand DeviceLock.
2. Expand Devices.
3. Under Devices, do one of the following:
Right-click Content-Aware Rules, and then click Manage Offline.
- OR -
Select Content-Aware Rules, and then click Manage Offline on the toolbar.
The Content-Aware Rules for Devices (Offline) dialog box appears.
4. In the lower-left pane of the Content-Aware Rules for Devices (Offline) dialog box, under Users, click Add.
The Select Users or Groups dialog box appears.
5. In the Select Users or Groups dialog box, in the Enter the object names to select box, type the names of the users or groups for which you want to define the rule, and then click OK.
The users and groups that you added are displayed under Users in the lower-left pane of the Content-Aware Rules for Devices (Offline) dialog box.
To delete a user or group, in the lower-left pane of the Content-Aware Rules for Devices (Offline) dialog box, under Users, select the user or group, and then click Delete or press the DELETE key.
6. In the lower-left pane of the Content-Aware Rules for Devices (Offline) dialog box, under Users, select the users or groups for which you want to define the rule.
You can select multiple users or groups by holding down the SHIFT key or the CTRL key while clicking them.
7. In the upper pane of the Content-Aware Rules for Devices (Offline) dialog box, under Content Database, select the desired content group, and then click Add, or double-click the desired content group.
 
Note: You can specify only one content group for a Content-Aware Rule.
The Add Rule dialog box appears.
8. In the Add Rule dialog box, in the Name box, type the name of the Content-Aware Rule.
By default, the rule has the same name as its content group. The name of the rule can be changed if needed.
To view this rule’s content group, click the View Group button in the bottom left corner of the dialog box. The console displays the properties of the group in a separate dialog box, allowing property values to be viewed but not modified.
9. Under Applies to, specify the type of operation associated with the rule. The available options are:
Permissions - Specifies that the rule will apply to access control operations.
Shadowing - Specifies that the rule will apply to shadow copy operations.
Detection - Specifies that the rule will apply to detection operations.
Permissions, Shadowing - Specifies that the rule will apply to both access control and shadow copy operations.
Permissions, Detection - Specifies that the rule will apply to both access control and detection operations.
Shadowing, Detection - Specifies that the rule will apply to both shadow copy and detection operations.
Permissions, Shadowing, Detection - Specifies that the rule will apply to all available operations: access control, shadow copy, and detection.
 
Note: To successfully create/save a rule that applies either to detection operations only or to detection operations combined with other operations, at least one of the following options must be selected for this rule: Log Event, Send Alert or Shadow Copy (see step 10 of this procedure). Otherwise, the rule cannot be saved and the following message appears: “Log Event, Send Alert or Shadow Copy should be specified.”
10. Under If this rule triggers, specify the following additional actions to be performed when the rule triggers:
Send Alert - Specifies that an alert is sent whenever the rule triggers.
Log Event - Specifies that an event is logged in the Audit Log whenever the rule triggers.
Shadow Copy - Specifies that a shadow copy of data is created whenever the rule triggers.
When alerts, audit and/or shadowing are enabled or disabled in a Content-Aware Rule, the rule setting takes precedence over the respective setting for the device type.
Example: If audit is enabled for a particular device type and disabled in a rule for that device type, the triggering of the rule does not cause audit events. If audit is enabled in the rule, then the triggering of the rule causes audit events, even if audit is disabled at the device-type level.
The rule can also inherit the alert, audit and/or shadowing setting from the device-type level. This is the default option, represented by the indeterminate state of the check boxes (neither checked nor cleared). The state of each check box can be changed individually.
Example: When a rule inherits the audit setting from the device-type level, the triggering of the rule causes audit events only if audit is enabled for the device type controlled by that rule.
11. Under Device Type(s), select the appropriate device type(s) you would like this rule to be applied to.
Content-Aware Rules can be applied to the following device types: Clipboard, Floppy, iPhone, MTP, Optical Drive, Palm, Printer, Removable, TS Devices, and Windows Mobile.
12. Under Action(s), specify which user actions are allowed or disallowed on files, which user actions are logged to the shadow log, and which user actions are detected.
If the rule applies to shadow copy operations combined with other operations, the Read user right becomes unavailable. If the rule applies to detection operations combined with other operations, only Allow action becomes available. For detailed information on user rights and actions that can be specified in Content-Aware Rules, see Access Control, Content-Aware Shadowing and Content-Aware Detection for devices.
13. Click OK.
The rule you created is displayed under Rules in the lower-right pane of the Content-Aware Rules for Devices (Offline) dialog box.
14. Click OK or Apply to apply the rule.
The users or groups to which the Content-Aware Rule applies are displayed under Content-Aware Rules in the console tree.
When you select a user or group to which a Content-Aware Rule applies in the console tree, in the details pane you can view detailed information regarding this rule (see List of Content-Aware Rules for Devices).
You can define different online vs. offline Content-Aware Rules for the same user or sets of users. For information on how to define online Content-Aware Rules, see Managing Content-Aware Rules in Content-Aware Rules (Regular Profile).