Complex Content Groups
Complex groups allow the use of Boolean expressions for a more flexible definition of the data to be controlled. These groups can include any combination of built-in or custom content groups (File Type Detection, Keywords, Pattern, Document Properties, Digital Fingerprints) linked by standard logical operators. Each content group is treated as a single filter criterion that can be included in the Boolean expression. Combining multiple content groups in a Complex content group enables the creation of complex filters to identify sensitive content of data transmitted over the network.
The following table lists the logical operators in order of precedence from highest to lowest.
Operator | Meaning |
NOT | Logical negation of a filter criterion |
AND | Both filter criteria must apply |
OR | Either filter criterion can apply |
Parentheses can be used to modify the precedence of operators and force some parts of an expression to be evaluated before others. Nested criteria enclosed in parentheses are evaluated in inner-to-outer order. Multiple levels of nesting are supported. A Complex group can contain a maximum of 50 content groups.
There are no predefined (built-in) Complex content groups to use. The following procedure describes how to create custom Complex groups.
To create a Complex group
1. If using the DeviceLock Management Console, do the following:
a) Open DeviceLock Management Console and connect it to the computer running DeviceLock Service.
b) In the console tree, expand DeviceLock Service.
If using the DeviceLock Service Settings Editor, do the following:
a) Open DeviceLock Service Settings Editor.
b) In the console tree, expand DeviceLock Service.
If using the DeviceLock Group Policy Manager, do the following:
a) Open Group Policy Object Editor.
b) In the console tree, expand Computer Configuration, and then expand DeviceLock.
2. Expand either the Devices or Protocols node.
3. Under the Devices or Protocols node, do one of the following:
•Right-click Content-Aware Rules, and then click Manage.
- OR -
•Select
Content-Aware Rules, and then click
Manage 
on the toolbar.
This will display a dialog box similar to the following.
4. In the upper pane of the dialog box that appears, under Content Database, click the drop-down arrow next to Add Group, and then click Complex.
This will display the Add Complex Group dialog box.
5. In the Add Complex Group dialog box, do the following:
•Name - Specify the name of the group.
•Description - Specify a description for the group.
•Add - Add content groups from the Content Database to the end of the group list in the Criteria column:
a) Click Add, or double-click a blank area in the Criteria column.
b) In the dialog box that appears, select the content group, and then click OK, or double-click the content group.
You can select multiple content groups by holding down the SHIFT key or the CTRL key while clicking them.
To view information about a content group, select the desired group, and then click View Group.
The content groups added appear in the Criteria column in the Add Complex group dialog box. Each content group added is treated as a single filter criterion that can be included in the Boolean expression.
•Insert - Add a content group from the Content Database above the group selected in the Criteria column:
a) Select a group in the Criteria column, and then click Insert.
b) In the dialog box that appears, select the content group to insert, and then click OK, or double-click the content group to insert.
•View - View information about the group selected in the Criteria column:
•Select a group in the Criteria column, and then click View, or double-click the group to view.
•Delete - Delete the selected group from the Criteria column.
•NOT - Apply the logical NOT operator to each of the selected content groups. To do so, select the desired group in the Criteria column, and then select the appropriate check box in the NOT column.
•AND/OR - Join each of the selected content groups with the logical AND or OR operator. To do so, select the desired group in the Criteria column, and then click either AND or OR in the appropriate list in the AND/OR column.
•Clear - Clear the current list of content groups in the Criteria column.
•Validate - Validate the expression. If the expression was defined incorrectly (for example, an opening parenthesis was not matched with a closing parenthesis), an error message will appear.
6. Click OK to close the Add Complex Group dialog box.
The new content group created is added to the existing list of content groups under Content Database in the upper pane of the dialog box for managing content-aware rules.
Note: When moving an entry to the place of an adjacent one in the list of groups, the NOT check box setting moves together with the entry if the number of opening brackets is less than or equal to that of closing ones both in the moved entry and in the entry to which place it is moved. If at least one of them has more opening brackets than closing ones, the NOT check box setting does not move to the adjacent entry. Such a solution helps preserve the logical structure of the expression when the order of the list entries changes. |
