Using location awareness with groups

Article:HOWTO26994

Created: 2010-01-08

Updated: 2010-01-15

Article URL http://www.symantec.com/docs/HOWTO26994

Article Type
How To

Product(s)

Show all

Environment

Show all

CLOSE X

Windows Server 2008
Web Edition (x86) SP2, Web Edition (x86), Web Edition (x64) SP2, Web Edition (x64), Standard (x86-32bit) SP2, Standard (x86-32bit), Standard (x64-64bit) SP2, Standard (x64-64bit), Server Core, Enterprise (x86-32bit) SP2, Enterprise (x86-32bit), Enterprise (x64-64bit) SP2, Enterprise (x64-64bit), DataCenter (x86-32bit) SP2, DataCenter (x86-32bit), DataCenter (x64-64bit) SP2, DataCenter (x64-64bit)

Windows Server 2008 R2
WebServer (x64-64bit), Standard (x64-64bit), Enterprise (x64-64bit), DataCenter (x64-64bit)

VMWare ESX
4.0, 3.5 U4, 3.5 U3, 3.5 U2, 3.5 U1, 3.5, 3.0.2, 3.0.1, 3.0, 2.5

Windows XP
Pro 5.1 SP3, Pro 5.1 SP2, Pro 5.1 SP1, Pro 5.1 64 bit SP3, Pro 5.1 64 bit SP2, Pro 5.1 64 bit SP1, Embedded SP3, Embedded SP2, Embedded SP1

Windows Vista
Ultimate RC2, Ultimate (x86) 6.0.6000, Ultimate (x64) 6.0.6000, Starter (x86) 6.0.6000, RC2, Home RC2, Home Premium RC2, Home Premium (x86) 6.0.6000, Home Premium (x64) 6.0.6000, Home Basic (x86) 6.0.6000, Home Basic (x64) 6.0.6000, Enterprise RC2, Enterprise 6.0.6000, Business RC2, Business (x86) 6.0.6000, Business (x64) 6.0.6000

Windows Small Business Server 2008
Standard Edition, Premium Edition

Windows Server 2003 R2
Web Edition (x86), Web Edition (x64), Storage Server Edition (x86), Storage Server Edition (x64), Standard Edition (x86), Standard Edition (x64), Enterprise Edition (x86), Enterprise Edition (x64), Datacenter Edition (x86), Datacenter Edition (x64)

GSX Server for Windows
3.2

Windows Server 2003
Web Server, Web Edition SP2, Web Edition SP1, Storage Server SP2, Storage Server SP1, Storage Server (x64) SP2, Storage Server (x64) SP1, Storage Server (x64), Storage Server, Standard Server(x64), Standard Server SP2 (x64), Standard Server SP2, Standard Server SP1 (x64), Standard Server SP1, Standard Server, Enterprise SP2(x64), Enterprise SP2, Enterprise SP1(x64), Enterprise SP1(IA64), Enterprise ServerSP1, Enterprise Server, Enterprise (x64), Enterprise (IA64), Datacenter SP2(x64), DataCenter SP2

VMware Workstation
6.5, 6.0, 5.0

Windows Small Business Server 2003
Standard Edition

Windows Fundamentals for Legacy PCs
5.1 SP3

Languages

Show all

Using location awareness with groups

Employees frequently need to connect to the network from multiple locations, such as their homes, Internet cafés, hotels, and the office. Different locations may have different security needs.

You can create locations and assign a separate security policy to different locations based on the following criteria:

The type of network connection, such as wireless, Ethernet, or VPN.
The location of the connection.

You may want to add several locations that reflect the following kinds of connections:

Wireless connections inside the office.
Non-wireless connections inside the office.
Connections from remote corporate locations outside of the office.
VPN connections from outside of the office.

You add locations after you have set up all the groups that you need to manage. Each group can have different locations if your security strategy requires it. In the Symantec Endpoint Protection Manager console, you can set up the conditions that trigger automatic policy switching based on location. When you enable location awareness, it automatically applies the best security policy to a client or server, based on the location from which a user connects.

You can add a set of conditions to each group's locations that automatically selects the correct security policies for a user's environment. These conditions are based on criteria such as the network settings of the computer from which the request for network access was initiated. An IP address, a MAC address, or the address of a directory server can also function as condition. If you change a security policy in the console, either the management server updates the policy on the client or the client downloads the policy.

If the current location is not valid after the update, then the client either:

Switches to another location that is valid.
Uses the default location.

You can customize the policy and settings of each location. For example, the policies for an office location may not need to be as strict as the policies for a VPN or home location. The policy that is associated with the default location is used when the user is already behind a corporate firewall.

When you create a location, it applies to the group for which you created it and any groups that inherit from the parent group. You should create the locations that you intend to apply to all clients at the My Company group level. You can create some locations that are specific to a particular group. For example, in most companies all clients require a default location that is added automatically to the My Company group. However, not all clients require a VPN connection. You can set up a separate group that is called Telecommuters for the clients who require a VPN connection. You add the VPN location to the Telecommuters group as well as to the inherited office location. Clients in that group can then use the policies that are associated with either the office or the VPN location.

Table: Location awareness tasks that you can perform

Tasks	Description
Plan locations	You should consider the different types of security policies that you need in your environment to determine the locations that you should use. You can then determine the criteria to use to define each location. See About planning locations.
Enable location awareness	To control the policies that are assigned to clients contingent on the location from which the clients connect, you can enable location awareness. See Enabling location awareness for a client.
Add locations	You can add locations to groups. See Adding a location with a wizard. See Adding a location without a wizard.
Assign default locations	All groups must have a default location. When you install the console, there is only one location, called Default. When you create a new group, its default location is always Default. You can change the default location later after you add other locations. The default location is used if one of the following cases occurs: One of the multiple locations meets location criteria and the last location does not meet location criteria. You use location awareness and no locations meet the criteria. The location is renamed or changed in the policy. The client reverts to the default location when it receives the new policy. See Changing a default location.
Configure communications settings for locations	You can also configure the communication settings between a management server and the client on a location basis. See Configuring communication settings for a location.
Edit location properties	You can edit some location properties. See Editing the name and description of a group's location.
Delete locations	You can delete any locations that are obsolete or no longer useful in your network. See Deleting a group's location.

Legacy ID

349352

Article URL http://www.symantec.com/docs/HOWTO26994

Using location awareness with groups

Using location awareness with groups

Legacy ID

Please Sign In

Knowledge Base Search

Knowledge Base Search

MySymantec

MySymantec

Contacting Support

Contacting Support