Previous Topic: How to Prepare an Endpoint for Policy DeploymentNext Topic: Policy Deployment Method


How to Deploy Policies in a Staged Manner

When you deploy your policy, there are several actions that you can take to ensure that the policy deploys and performs without errors. After you have prepared your endpoint for policy deployment, we recommend that you proceed with a staged policy deployment.

We recommend that you first deploy the policies in a test environment. Then adjust the policies as required and deploy the policies in the production environment.

To deploy policies in a staged manner:

  1. Deploy the policy in Warning mode

    The policy is now active but does not enforce the policy rules. You can then examine the audit log to preview the results of your intended policy before you put that policy into effect.

    Note: By default, the sample policies scripts set Warning mode for all policy rules.

  2. Review the CA ControlMinder audit log for warning messages

    After you deploy the policy, any policy breaches show up in the audit log as warnings (assuming your policy rules use Warning mode).

  3. Use the system in real scenarios and analyze the audit log again

    To test your policy effectively you can perform regular operating procedures on the computer (log in, start and stop services and applications, and so on). You can then analyze the audit log again to see if any new warnings appear.

  4. Adjust the policy as required

    Using the information that you gathered from the audit log, you can adjust the policy to account for expected use in your environment.

  5. Remove Warning mode to enable the policy

    Once you are confident your policy is ready to enforce rules in your production environment, you can remove Warning mode to enable it.

    The policy is now enforced.

Note: If you want to change a policy, first disable policy enforcement (use Warning mode). Then change the policy and reactivate it when you are confident the changes are working as desired.

More information:

Warning Mode

Policy Deployment Method

How to Customize the Policies for Your Environment

Enable Sample Policy Enforcement