The only way 'policy' based Trusted Zone exclusions seem to actually work (using the Admin Kit), is by 'locking' the ability for users to alter them.
This prevents users from being able to add their own applications to the trusted zone.
Is there any way to get the policy exclusions to be enforced AND allow the users to add their own local ones ???
Thx....
Full Version: Trusted zone - policy vs. local
QUOTE(Tybilly @ 31.03.2008 02:12) 
I am having a hard time making sense of all of that for some reason. When I have tried to add an application to the trusted list globally, it seems like I have had to Lock the policy in order for it to hit the workstations, but when it's locked, users can't add their own exclusions.
What exactly do I need to do to push out a global exception, but still allow individual users to add their own?
QUOTE(cweeklund @ 2.06.2008 12:28)
I am having a hard time making sense of all of that for some reason. When I have tried to add an application to the trusted list globally, it seems like I have had to Lock the policy in order for it to hit the workstations, but when it's locked, users can't add their own exclusions.
What exactly do I need to do to push out a global exception, but still allow individual users to add their own?
What exactly do I need to do to push out a global exception, but still allow individual users to add their own?
I would also like to know step by step how to accomplish this. I have also read that paragraph, and its too broad of a description. I need specifics for this one situation.
Hello,
I try to explain with details how to apply settings to KAV WKS and to let users modifying its configuration :
1. Define your settings using the policy. Lock all modified options then you are they will be applied.
2. On the Enforcement tab, check the option "Apply all policy settings to the local settings at first policy application".
3. Click on the button "Change now".
4. Check that settings have been enforced on client side.
5. Disable policy, or unlock settings you want users could modify in the properties of the policy.
6. Check locally that previous has settings have been kept and that users are able to change settings.
I hope it will help.
I try to explain with details how to apply settings to KAV WKS and to let users modifying its configuration :
1. Define your settings using the policy. Lock all modified options then you are they will be applied.
2. On the Enforcement tab, check the option "Apply all policy settings to the local settings at first policy application".
3. Click on the button "Change now".
4. Check that settings have been enforced on client side.
5. Disable policy, or unlock settings you want users could modify in the properties of the policy.
6. Check locally that previous has settings have been kept and that users are able to change settings.
I hope it will help.
QUOTE(Tybilly @ 3.06.2008 15:05)
Hello,
I try to explain with details how to apply settings to KAV WKS and to let users modifying its configuration :
1. Define your settings using the policy. Lock all modified options then you are they will be applied.
2. On the Enforcement tab, check the option "Apply all policy settings to the local settings at first policy application".
3. Click on the button "Change now".
4. Check that settings have been enforced on client side.
5. Disable policy, or unlock settings you want users could modify in the properties of the policy.
6. Check locally that previous has settings have been kept and that users are able to change settings.
I hope it will help.
I try to explain with details how to apply settings to KAV WKS and to let users modifying its configuration :
1. Define your settings using the policy. Lock all modified options then you are they will be applied.
2. On the Enforcement tab, check the option "Apply all policy settings to the local settings at first policy application".
3. Click on the button "Change now".
4. Check that settings have been enforced on client side.
5. Disable policy, or unlock settings you want users could modify in the properties of the policy.
6. Check locally that previous has settings have been kept and that users are able to change settings.
I hope it will help.
Thank you, that is much clearer. But doesn't the "Change Now" overwrite all of the settings for Applications that were autodetected during installation? I would like to add to what is already there, not replace it. Is it possible?
QUOTE(SherryB @ 4.06.2008 01:48)
Thank you, that is much clearer. But doesn't the "Change Now" overwrite all of the settings for Applications that were autodetected during installation? I would like to add to what is already there, not replace it. Is it possible?
No, that is not possible right now. I'll send this suggestion to the KAV for WKS team for implementation in the future versions.
Unfortunately, I think it's not possible. Developers should confirm, but as far as I know you can't add to what is already there using a policy.
You'd better create a policy with all settings defined during the installation of the product, and then manage configuration of KAV using the policy like described in my previous post.
Edit: Thanks kulaga
You'd better create a policy with all settings defined during the installation of the product, and then manage configuration of KAV using the policy like described in my previous post.
Edit: Thanks kulaga
QUOTE(Tybilly @ 4.06.2008 02:11)
Unfortunately, I think it's not possible. Developers should confirm, but as far as I know you can't add to what is already there using a policy.
You'd better create a policy with all settings defined during the installation of the product, and then manage configuration of KAV using the policy like described in my previous post.
Edit: Thanks kulaga
You'd better create a policy with all settings defined during the installation of the product, and then manage configuration of KAV using the policy like described in my previous post.
Edit: Thanks kulaga
Thanks guys! That would be a great new feature to have because we have many different configurations on our workstations. There is really no such thing as a "standard" software configuration here. So just putting separate locks on the Trusted Application section and the Zones section would help a lot. So we could lock down one without affecting the other. That might be easier to implement than being able to add things to existing configurations via Policy.
I can't imagine that it would be too hard to implement a 'mandatory - server imposed' policy, and then still have a separate policy on top that the end-users can impose themselves, per workstation. That is pretty basic functionality and be the best general solution.
Sorry to bump such an old thread but I've also wished for such a feature (Enforce basic policy and still let users add exclusions locally) for some time now.
Since it seems to have been suggested to the developers by kulaga, are there any news on this?
Since it seems to have been suggested to the developers by kulaga, are there any news on this?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.