When you deploy your policy, there are several actions that you can take to ensure that the policy deploys and performs without errors. After you have prepared your endpoint for policy deployment, we recommend that you proceed with a staged policy deployment.
We recommend that you first deploy the policies in a test environment. Then adjust the policies as required and deploy the policies in the production environment.
To deploy policies in a staged manner:
The policy is now active but does not enforce the policy rules. You can then examine the audit log to preview the results of your intended policy before you put that policy into effect.
Note: By default, the sample policies scripts set Warning mode for all policy rules.
After you deploy the policy, any policy breaches show up in the audit log as warnings (assuming your policy rules use Warning mode).
To test your policy effectively you can perform regular operating procedures on the computer (log in, start and stop services and applications, and so on). You can then analyze the audit log again to see if any new warnings appear.
Using the information that you gathered from the audit log, you can adjust the policy to account for expected use in your environment.
Once you are confident your policy is ready to enforce rules in your production environment, you can remove Warning mode to enable it.
The policy is now enforced.
Note: If you want to change a policy, first disable policy enforcement (use Warning mode). Then change the policy and reactivate it when you are confident the changes are working as desired.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|