This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to asssign rules to users/computers/groupsSGN

Dear kind users,

 

I feel super dumb asking this question but I can't seem to find how to do this or where it is described.

I am evaluating the SafeGuard Encrytpion solution for my company with a trial license and I'm seem to be unable to apply rule/rulesets to Active Directory users groups or computers

 

I haven't found any ressources with screenshots or detailed explanations on how to do this and I appreciate any pointers in the right direction.

 

Kind Regards



This thread was automatically locked due to age.
Parents
  • Hi - Yes all possible to do.

    You can have AD based groups as well as SG ones too - I have it configured this way to add more flexibility than just AD groups.

    Your first stage will se syncing with your DC host (or another server you wish to replicate AD from)

    Once AD is mirrored in SG you can then assign policies to the users and groups accordingly. These are applied at the top of the structure.

    You can manually create groups too, but if you have AD - I'd use that in preference for computers and DEF for users! 

     

    This guide may help more

    https://docs.sophos.com/esg/sgn/8-0/admin/win/en-us/webhelp/index.htm#concepts/PoliciesAboutManaged.htm

     

    So - Select an OU/container you wish to apply a policy to (you've already created the policy?)

    Drag it in from the right hand side onto the Policies tab.

    AUTOMATICALLY this will be assigned to ALL authenticated users AND computers that reside in this container!

    If you do not want this to be the case - Drag both those objects out of the bottom half and drag in who you DO want it to apply to (if it isn't all as above)

     

    You may for instance want to create a group of computers that CAN decrypt their own drive (lets say they travel a lot to China or something!) 

    You could apply this policy to ALL computers (if applied at the right level) but then choose a group to apply this to. So if you're in the group "China" this applies to you - everyone else gets the policy, but it's void/ignored because they're not a member of this group.

    There's also the NO OVERIDE option - FORCE this regardless even if there's a conflicting policy. Useful sometimes when you know you've applied multiple policies to the same container.

     

    Finally - make good use of RSOP (Resultant set of policies), as in what does the client actually get after all these settings. This can be used with a user AND computer or just computer.

     

    Hope this helps a little?

     

  • Thanks for the hint! It does help. I did find it as well not long before I saw your post. When you work at a computer screen for years you get blind for some spots. I ran into another issue but I'l give it some time before I cry about it this time :)

     

    Thank you!

Reply Children