|
|
|
When you deploy your policy, there are several actions you can take to ensure that the policy deploys and performs as expected and without errors. After you have prepared your endpoint for policy deployment, we recommend that you proceed with a staged policy deployment.
We recommend that you deploy the policies first in a test environment and after you have adjusted the policies as required, deploy the policies in the production environment.
To deploy policies in a staged manner:
The policy is now active but does not enforce its rules. You can then examine the audit log to preview the results of your intended policy before you put that policy into effect.
Note: By default, the sample policies' scripts set Warning mode for all policy rules.
After you deploy the policy, any policy breaches show up in the audit log as warnings (assuming your policy rules use Warning mode).
To test your policy effectively you can perform regular operating procedures on the computer (log in, start and stop services and applications, and so on). You can then analyze the audit log again to see if any new warnings appear.
Using the information you gathered from the audit log, you can adjust the policy to account for expected use in your environment.
Once you are confident your policy is ready to enforce rules in your production environment, you can remove Warning mode to enable it.
The policy is now enforced.
Note: If you want to make changes to a policy, you should first disable policy enforcement (use Warning mode), make the changes to the policy and then reactivate it when you are confident the changes are working as desired.
| Copyright © 2012 CA. All rights reserved. |
|