Strategies for Organizing Computers and Policies into Groups

Policy Commander lets you organize computers into groups with similar requirements or having similar functions. Appropriate security polices are then assigned to the group and are enforced for computers within the group.

Likewise, you can organize related policies into groups. For example, you may have a group of policies designed to protect sensitive data.  Computers where data privacy is of utmost importance would be added to the group and would have the data privacy policies enforced.

Automatic Groups

By default, Policy Commander recognizes and automatically creates groups that reflect a computer’s Active Directory OU membership. For example, if your Active Directory domain is called MyCompany.com, and computers in the Accounting, Sales, Marketing and Administration OUs are managed with Policy Commander, the Dashboard will automatically show the following group structure:

MyCompany

            Accounting

            Administration

            Marketing

            Sales

Note:  If you are not using Active Directory, turn off  “Use Active Directory Naming” option in the Communications Settings section of the Settings page.

Manual Groups

You can also manually create groups to organize computers and/or policies using other criteria, such as location, function, role, etc.

Below is an example of a group structure based on computer roles within the organization. For example, the “Auditors” group would contain the PCs used by auditors when they are on site. A certain set of policies would be added to this group, perhaps policies that would lock down access to various files or folders. 

Minneapolis Headquarters

            Auditors

            Bookkeeping

            Customer Service

            Executive

            Loan Officers

            Tellers

Rochester Branch

            Bookkeeping

Customer Service

            Loan Officers  

            Tellers

Below is an example of a group structure based on policy content. For example, the “Best Practices – Disable Services” group could contain all the policies supplied by New Boundary Technologies for disabling various services. It could also contain other polices that you authored to disable other services. You would then decide which computers needed to be more secure by having services disabled, and you would add them to the group.

Production Policies

Best Practices – Data Protection Policies

            Best Practices – Disable Services

            NIST Windows XP Security Template Policies

            NIST Windows XP Security Policy Modules

            NIST Windows 2000 Security Template Policies

            NSA Security Template Policies

            Microsoft Security Template Policies

No matter what group structure you choose, you manage groups by adding computers and policies to them.