Virtual Groups in Policy Rules
R81 Harmony Endpoint Server Administration Guide|153
• Using Active Directory but do not want to use it for Endpoint Security. For example:
  ◦ Different administrators manage the Active Directory and Endpoint Security.
  ◦ Your Endpoint Security requirements are more complex than the Active Directory groups. For example, you want different groups for laptop and desktop computers.
• Using a non-Active Directory LDAP tool.
• Working without LDAP.
• Creating computer-based policies for Endpoint Security components that normally support only user-based Policies.
Prerequisites for Using virtual groups
Important - To manage users with a virtual group, you must do one of these steps:
• Use Full Disk Encryption and enable "User Authorization before Encryption" on page 197.
• Import objects into Endpoint Security with the Active Directory Scanner. Then, you can move them between virtual groups manually.
Types of Virtual Groups
There are two types of virtual groups:
• Virtual Group - Can contain users and computers.
• Computer Group - Only contains computers. Computers in this group have computer-based policies if there is a policy assigned to the group. The priority of the policies is based on the sequence of rules in the Policy Rule Base.
  For example, Media Encryption & Port Protection policy rules normally apply to users, regardless of which endpoint computer they use. However, if a Media Encryption & Port Protection rule is applied to a Computer Group, that rule can be effective before a rule that applies to a user. This is true if the Computer Group rule is above the user's rule in the Policy Rule Base.
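The rule-order behavior described above can be checked with a small model. This is an added example, not code from the guide or from the product: it assumes that the first matching rule, read top-down, is the effective one, and every rule name, group name, user and computer in it is constructed (only "All Laptops" and the component name come from the guide).

```python
from dataclasses import dataclass

MEPP = "Media Encryption & Port Protection"

@dataclass(frozen=True)
class Rule:
    name: str          # constructed rule name
    component: str     # Endpoint Security component the rule configures
    applies_to: str    # user, computer, virtual group or Computer Group

# Constructed memberships: object -> groups that contain it.
MEMBERSHIPS = {
    "alice": {"Finance Users"},          # virtual group holding users
    "KIOSK-01": {"Kiosk Computers"},     # Computer Group (computers only)
    "LAPTOP-07": {"All Laptops"},        # predefined virtual group
}

# Constructed Policy Rule Base, listed top to bottom.
RULE_BASE = [
    Rule("Kiosk: block removable media", MEPP, "Kiosk Computers"),
    Rule("Finance: encrypt removable media", MEPP, "Finance Users"),
]

def matching_rules(rule_base, component, user, computer, memberships=MEMBERSHIPS):
    """Rules for the component that match the user, the computer or a
    group containing either one, kept in rule-base order."""
    targets = {user, computer}
    targets |= memberships.get(user, set()) | memberships.get(computer, set())
    return [r for r in rule_base
            if r.component == component and r.applies_to in targets]

def effective_rule(rule_base, component, user, computer):
    """Modelling assumption: the first match, top-down, is effective."""
    matches = matching_rules(rule_base, component, user, computer)
    return matches[0] if matches else None

def shadowed_rules(rule_base, component, user, computer):
    """Matching rules below the effective one; they never take effect."""
    return matching_rules(rule_base, component, user, computer)[1:]

if __name__ == "__main__":
    for pc in ("KIOSK-01", "LAPTOP-07"):
        hit = effective_rule(RULE_BASE, MEPP, "alice", pc)
        print(pc, "->", hit.name if hit else "no rule")
    print("shadowed on KIOSK-01:",
          [r.name for r in shadowed_rules(RULE_BASE, MEPP, "alice", "KIOSK-01")])
```

Running the shadow check over each user and computer pair before reordering the rule base shows which user-based rules a Computer Group rule would override.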
If you add objects to a virtual group with an installation package, the objects are not automatically put into these virtual groups. You must do so manually. See "Adding Objects with an Installation Package" on page 157.
Predefined Virtual Groups
Users and computers with Endpoint Agent installed are automatically assigned to these
predefined virtual groups:
• All Laptops
• All Desktops