|
|
|
Every policy you create and store on the DMS automatically gets a version number. The first time you store a policy it receives a version number "01". For example, the first time you store policy myPolicy, CA Access Control Enterprise Management creates a GPOLICY object named myPolicy and a POLICY object named myPolicy#01. Every time you store a policy that already exists on the DMS, the latest stored version of the policy is incremented by one to create the new policy version. For example, when you store a version of myPolicy for the twenty-eighth time, CA Access Control Enterprise Management creates a POLICY object named myPolicy#28.
Note: This procedure describes how you use CA Access Control Enterprise Management to create and store a policy version. This procedure does not apply to UNAB login and configuration policies.
To create and store a policy version
These are the commands necessary to construct the policy you want to deploy on endpoints in your enterprise.
Important! Policy deployment does not support commands that set user passwords. Do not include such commands in your deployment script file. Native selang commands are supported but will not show in deviation reports.
These are the commands necessary for undeploying (removing) the policy from endpoints in your enterprise.
The Policy tasks appear.
The Create Policy: Policy Search screen appears.
Note: If you want to create a new version for an existing policy, click Modify Policy instead and search for the policy you want to modify.
The Create Policy task page appears.
Defines the name of the policy (GPOLICY object). This name has to be unique on the DMS (enforced) and in your enterprise (not enforced but you will not be able to deploy a policy to a host if a policy of the same name already exists).
(Optional) Defines a business description (free text) of the policy. Use this field to record what this policy is for and any other information that helps you identify the policy.
Use this option if you did not create a script file with the deployment commands.
Use this to provide specific information about the deployment scripts you use for this policy version.
This option specifies that the new policy version you create can be deployed. If you are not finished creating the deployment script, clear this option.
Note: If you do not select this option, you can modify the deployment scripts without creating a new version of the policy. However, a non-finalized policy version cannot be deployed.
The Add Member dialog appears.
The Add Member dialog closes and the policies you selected are added to the Members List for the policy you are creating.
The task is submitted and, if successful, a message indicating that a new policy version was created appears shortly afterwards. You follow a different process to create and deploy UNAB login and configuration policies.
Note: You can also use the policydeploy utility to perform this task. For more information about the policydeploy utility, see the Reference Guide.
| Copyright © 2012 CA. All rights reserved. |
|