Previous Topic: AttributesNext Topic: Manually Exempt Users From Policy


Exempt Users

(Only applicable for users with licenses such as CA Data Protection Express)

Exempt users are users who have a CA Data Protection account on the CMS but who are exempt from policy. That is, CA Data Protection does not monitor email, web or file activity for policy-exempt users.

Most importantly, exempt users are not included in your licensed user count. For example, if your CA Data Protection license allows 100,000 users, your CMS is permitted to store user accounts for 100,000 licensed users plus an unlimited number of exempt users.

Why Do I Need Exempt Users?

If you deploy CA Data Protection endpoint agents on a shared computer (for example, in a hot desking environment), a new CA Data Protection user account is created automatically each time a new user logs onto that computer. In an organization with many shared computers, this can result in more user accounts than your CA Data Protection license permits. In turn, this can mean that some users are not subject to policy control even if you want them to be.

Even if you delete an unwanted CA Data Protection account in the Administration console, CA Data Protection automatically recreates the account if that user logs into Windows again on any CA Data Protection computer.

If you have users in your organization who are not subject to CA Data Protection policy control, you can exempt these users from policy to avoid exceeding your maximum number of licensed users.

How Do I Create Exempt Users?

You can manually exempt users from policy. In effect, you convert a licensed user account to an exempt user account.

You can also automatically exempt specific users from policy when you run an Account Import job. For example, you can exempt any user accounts imported from your LDAP directory and which have a specific LDAP attribute.