Using location awareness with groups
|Article:HOWTO26994|||||Created: 2010-01-08|||||Updated: 2010-01-15|||||Article URL http://www.symantec.com/docs/HOWTO26994|
You can create locations and assign a separate security policy to different locations based on the following criteria:
You add locations after you have set up all the groups that you need to manage. Each group can have different locations if your security strategy requires it. In the Symantec Endpoint Protection Manager console, you can set up the conditions that trigger automatic policy switching based on location. When you enable location awareness, it automatically applies the best security policy to a client or server, based on the location from which a user connects.
You can add a set of conditions to each group's locations that automatically selects the correct security policies for a user's environment. These conditions are based on criteria such as the network settings of the computer from which the request for network access was initiated. An IP address, a MAC address, or the address of a directory server can also function as condition. If you change a security policy in the console, either the management server updates the policy on the client or the client downloads the policy.
If the current location is not valid after the update, then the client either:
You can customize the policy and settings of each location. For example, the policies for an office location may not need to be as strict as the policies for a VPN or home location. The policy that is associated with the default location is used when the user is already behind a corporate firewall.
When you create a location, it applies to the group for which you created it and any groups that inherit from the parent group. You should create the locations that you intend to apply to all clients at the My Company group level. You can create some locations that are specific to a particular group. For example, in most companies all clients require a default location that is added automatically to the My Company group. However, not all clients require a VPN connection. You can set up a separate group that is called Telecommuters for the clients who require a VPN connection. You add the VPN location to the Telecommuters group as well as to the inherited office location. Clients in that group can then use the policies that are associated with either the office or the VPN location.
Table: Location awareness tasks that you can perform
Article URL http://www.symantec.com/docs/HOWTO26994