

Enable Sample Policy Enforcement

By default, the sample policy scripts set Warning mode for all policy rules. When you deploy the policy, it is active but does not enforce the rules. After you familiarize yourself with the policy and customize it as required, you are ready to enable the policy so that policy rules are enforced.

Note: This procedure explains how to enable policy enforcement for a single policy. For more information about how to enable policy enforcement for multiple policies following system maintenance, see the Endpoint Administration Guide for your operating system.

To enable sample policy enforcement

  1. Edit the policy script to change each instance of warning to warning-.

    When you run a rule that sets warning- for a resource or accessor, CA ControlMinder removes Warning mode from the resource or accessor.

  2. Deploy the edited policy.

    Policy enforcement is enabled.

Example: Enable Windows Sample Policy Enforcement

The following excerpt is from the sample JBoss policy for Windows. The policy is enabled because "warning" is changed to "warning-".

# Protect JBoss files
# -------------------

# Protect JBoss files in the application directory.
# These rules apply protection to files that are not protected by other rules.
editfile       ("<!JBOSS_HOME>\*") owner(nobody) defaccess(NONE) warning- comment ("AC Sample - JBoss base dir")
authorize FILE ("<!JBOSS_HOME>\*") id(ROL_JBOSS_ADMIN) access(ALL)        via(pgm("<!JBOSS_HOME>\bin\*"))
authorize FILE ("<!JBOSS_HOME>\*") id(jboss_pgm)       access(READ,CHDIR) via(pgm("<!JBOSS_HOME>\bin\*", "<!JBOSS_JAVA_PGM>"))
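
Step 1 of the procedure can be scripted so that no rule is missed and text inside comments or quoted strings is left alone. The following is an added example, not part of the product or its sample policies; the function names are hypothetical, and it assumes that comment lines start with # and that quoted strings contain no embedded double quotes.

```python
import re

# Assumptions (not from the product documentation): selang comment lines start
# with '#', and double-quoted strings contain no embedded double quotes.
QUOTED = re.compile(r'("[^"]*")')
# The bare property token: not part of a longer word and not already "warning-".
WARNING = re.compile(r'(?<![\w-])warning(?![\w-])')


def _rewrite_line(line):
    """Return (new_line, replacements) for one policy script line."""
    if line.lstrip().startswith("#"):
        return line, 0
    parts = QUOTED.split(line)  # odd indexes hold the quoted strings
    count = 0
    for i in range(0, len(parts), 2):  # rewrite only the unquoted segments
        parts[i], n = WARNING.subn("warning-", parts[i])
        count += n
    return "".join(parts), count


def enable_enforcement(script):
    """Change each rule-level 'warning' to 'warning-'; return (text, count)."""
    out, total = [], 0
    for line in script.splitlines(keepends=True):
        new, n = _rewrite_line(line)
        out.append(new)
        total += n
    return "".join(out), total


def lines_in_warning_mode(script):
    """1-based line numbers of rules that still set Warning mode."""
    return [no for no, line in enumerate(script.splitlines(), 1)
            if _rewrite_line(line)[1]]


# Constructed sample modelled on the JBoss excerpt, with warning still set,
# plus a comment line and a comment() string that mention the word "warning".
SAMPLE = r'''# Rules ship with warning set
editfile       ("<!JBOSS_HOME>\*") owner(nobody) defaccess(NONE) warning comment ("AC Sample - warning test")
authorize FILE ("<!JBOSS_HOME>\*") id(ROL_JBOSS_ADMIN) access(ALL)        via(pgm("<!JBOSS_HOME>\bin\*"))
'''

if __name__ == "__main__":
    print("Warning mode on lines:", lines_in_warning_mode(SAMPLE))
    enforced, changed = enable_enforcement(SAMPLE)
    print(enforced, end="")
    print(changed, "rule(s) changed")
```

Running lines_in_warning_mode on the edited script before you deploy it confirms that no rule was left in Warning mode.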

More information:

How to Perform System Maintenance