Policy Object
DeviceLock Enterprise Server policies are a collection of policy objects. Each policy object contains four main elements: a name, a list of computers assigned to that policy object, configuration settings specified in a DeviceLock Service settings file (.dls), and a priority used to resolve conflicting policy settings among different policy objects.
The console displays policy objects in the console tree under DeviceLock Enterprise Server > Policies.
When you select a policy object in the console tree, the details pane lists the computers assigned to that policy object. The list in the details pane displays the following information on each computer:
•Computer Name - The name that identifies the computer.
•Status - The current status of the computer. The possible statuses and their associated icons are as follows:
•Icon: Gray computer, status: (empty). A temporary status that appears immediately after creation of the policy object. This status changes after the first attempt of DeviceLock Enterprise Server to establish a connection to DeviceLock Service and enforce a policy on it.
•Icon: Green computer, status: Computer is available. This status indicates that the computer is working and DeviceLock Service is running on it.
•Icon: Green computer with exclamation point, status: Group Policy is in use. This status indicates that Group Policy is applied and DeviceLock Enterprise Server is unable to push a policy.
•Icon: Green computer with exclamation point, status: Local Policy is in use. This status indicates that local computer policy is applied because DeviceLock Service has the Use Group/Server Policy setting disabled.
•Icon: Green computer with exclamation point, status: Acronis Cyber Protect Policy is in use. This status indicates that DeviceLock Service uses the policy received from the Acronis cyber protection system and ignores the policies from any other source.
•Icon: Red computer, status: Computer is unavailable. This status indicates that DeviceLock Enterprise Server is unable to connect to DeviceLock Service on the client computer.
•Icon: Red computer with exclamation point, status: Unresolved computer address. This status indicates that DeviceLock Enterprise Server is unable to resolve the name/address of the client computer.
•Icon: Green computer with exclamation point, status: Unsupported service version. This status indicates that DeviceLock Enterprise Server is trying to enforce policies on DeviceLock Service version 8.1 or earlier client versions. Policy enforcement is supported only for version 8.2 or later versions. This status can also indicate that the service version is newer than the server version.
•Icon: Green computer with exclamation point, status: Access is denied. This status indicates that DeviceLock Enterprise Server is unable to connect to DeviceLock Service due to lack of privileges. This happens when the account under which the DeviceLock Enterprise Server service starts has no rights to connect to DeviceLock Service. This status can also indicate that the certificate (the public key) installed on DeviceLock Service and the certificate (the private key) installed on DeviceLock Enterprise Server do not match.
•Icon: Green computer with exclamation point, status: No License. This status indicates that DeviceLock Enterprise Server is unable to enforce policies on the client computer running DeviceLock Service due to an insufficient number of licenses. DeviceLock Enterprise Server handles as many DeviceLock Services as there are licenses loaded into DeviceLock Enterprise Server.
•Icon: Red computer with exclamation point, status: Error. This status indicates all other unspecified errors that are not described above and that can occur during policy application on client computers.
•Last Deployment Time - The date and time when the policy was last applied in the following format: dd.mm.yyyy hh:mm:ss, for example, 20.12.2016 13:55:28.
•Last Connect Time - The date and time when connection was last established in the following format: dd.mm.yyyy hh:mm:ss, for example, 20.12.2016 13:55:28.
•Assigned Policy Objects - The names of all policy objects assigned to this computer. The names are separated by commas and listed in priority order, from highest to lowest priority.
•Applied Policy Objects - The names of the policy objects that have already been applied to the computer. The names are separated by commas and listed in priority order, from highest to lowest priority.
•Service Version - The version number and build number of DeviceLock Service.
The shortcut menu on a policy object in the console tree provides the same commands as the policy object’s menu in the details pane. For description of the commands, see
Using the Policies Node.
The shortcut menu on a computer in the details pane provides the following commands:
•Connect to DeviceLock Service - Connects the DeviceLock Management Console to DeviceLock Service running on that computer.
•Edit Policy Object - Opens a dialog box where you can view or change the settings of the policy object selected in the console tree.
•Edit Computers List - Opens a dialog box where you can view or change the list of computers assigned to the selected policy object.
•Assign to Policy Object - Allows you to specify the policy objects for the given computer. You can select or clear check boxes in the list of policy objects displayed by this command, assigning or removing the computer from the policy objects depending upon your selection.
If you select multiple computers, the Assign to Policy Object(s) command assigns all the selected computers to the selected policy objects. The complementary command Remove from Policy Object(s) removes all the selected computers from the selected policy objects.
•Exclude from All Policy Objects - Removes the computer from all policy objects.
As a result, the computer will receive only the Default Policy object if the DeviceLock Service on that computer is configured to use DeviceLock Enterprise Server policies.
•Load Policy - Allows you to load or replace the DeviceLock Service settings (.dls) file in the policy object. You can open the desired settings file in the dialog box that appears when you select this command.
This file stores DeviceLock Service settings. You can create a settings file by using the DeviceLock Management Console connected to a computer running DeviceLock Service. A better option would be to use the DeviceLock Service Settings Editor console for that purpose.
•Save Policy - Allows you to save the policy settings to a DeviceLock Service settings (.dls) file. You can specify a file in the dialog box that appears when you select this command.
Saving policy settings to a file might be helpful when you want to load them to another policy object. In this case, you can successively use the Save Policy and Load Policy commands.
•Delete Policy Object - Deletes the policy object selected in the console tree.
•Deploy Now - Sends the policy from the policy object selected in the console tree immediately to all computers assigned to that policy object. In case of multiple policy objects assigned to those computers, the command will send them the resultant policy from all objects.
•Refresh - Updates the list of computers with the latest information.
Since the console does not automatically update information displayed in the list of computers, you need to update the list by using the Refresh command.