Centrally stored policies
Centrally Stored Policies (CSP) are stored in the DriveLock database and are distributed to the agents via the DriveLock Enterprise Server (DES).
CSPs are ideal for most use cases because:
-
CSPs support versioning and change tracking and can be edited or published separately by the administrator.
-
Several CSPs can be assigned to one agent (which is not the case with configuration files, for example).
-
CSPs can be used in almost any network environment, including Active Directory, Workgroups and Novell Directory Service.
For Managed Security Service Providers (MSSP), CSPs are the best choice for keeping policies of different tenants separate.
A DriveLock Enterprise Service (DES) is required if you want to use centrally stored policies.
You can assign one or several CSPs to computers, DriveLock groups, AD groups, OUs or even to All computers. The CSPs can belong to the default tenant (root) or any other tenant. The agent knows the DES servers it can get CSPs from. This allows CSPs with different settings to be combined, for example, one CSP contains only basic settings that are then distributed to all clients, and another contains special settings that are assigned only to clients in a specific department. So for example you can create a CSP that contains the USB sticks of the marketing department, and this CSP will only be applied to the marketing clients.
Example:
| Order, policy name | Assigned to | Description |
|---|---|---|
| 1. License policy | All computers | Contains license information for all computers |
| 2. Default_all | All computers | Default settings for all computers |
| 3. USB sticks marketing | Marketing clients | Unlocked USB sticks for marketing |
| Disk Protection laptops | Laptops | Disk Protection |
| Application Control Servers | Servers | Allowed applications for servers |