Strategies for Organizing Computers and Policies into Groups
Policy Commander lets you organize computers into groups with similar requirements or having similar functions. Appropriate security polices are then assigned to the group and are enforced for computers within the group.
Likewise, you can organize related policies into groups. For example, you may have a group of policies designed to protect sensitive data. Computers where data privacy is of utmost importance would be added to the group and would have the data privacy policies enforced.
Automatic Groups
By default, Policy Commander recognizes and automatically creates groups that reflect a computer’s Active Directory OU membership. For example, if your Active Directory domain is called MyCompany.com, and computers in the Accounting, Sales, Marketing and Administration OUs are managed with Policy Commander, the Dashboard will automatically show the following group structure:
MyCompany
Accounting
Administration
Marketing
Sales
Note: If you are not using Active Directory, turn off “Use Active Directory Naming” option in the Communications Settings section of the Settings page.
Manual Groups
You can also manually create groups to organize computers and/or policies using other criteria, such as location, function, role, etc.
Below is an example of a group structure based on computer roles within the organization. For example, the “Auditors” group would contain the PCs used by auditors when they are on site. A certain set of policies would be added to this group, perhaps policies that would lock down access to various files or folders.
Minneapolis Headquarters
Auditors
Bookkeeping
Customer Service
Executive
Loan Officers
Tellers
Rochester Branch
Bookkeeping
Customer Service
Loan Officers
Tellers
Below is an example of a group structure based on policy content. For example, the “Best Practices – Disable Services” group could contain all the policies supplied by New Boundary Technologies for disabling various services. It could also contain other polices that you authored to disable other services. You would then decide which computers needed to be more secure by having services disabled, and you would add them to the group.
Production Policies
Best Practices – Data Protection Policies
Best Practices – Disable Services
NIST Windows XP Security Template Policies
NIST Windows XP Security Policy Modules
NIST Windows 2000 Security Template Policies
NSA Security Template Policies
Microsoft Security Template Policies
No matter what group structure you choose, you manage groups by adding computers and policies to them.