Merging of User and Machine based policies is not working as expected with Symantec Endpoint Encryption Device Control 8.2.x.

Article:TECH194882  |  Created: 2012-08-13  |  Updated: 2013-05-23  |  Article URL
Article Type
Technical Solution


You are trying to implement user based policies that should override the computer based policy. However after the user based policy is loaded you notice that it has not had any effect on the machine.


When more than one policy is associated with an organizational object, the definitions in all the associated policies may be merged so as to produce the definition that will be enforced on the endpoint. A typical example of using this capability is defining a general policy for a specific department and another policy for a specific user in that department who requires additional permissions.

Policy merging works as follows:

  • Security Policy Options — the most permissive definition of all merged policies is applied for the options in the policy panels grouped under the Security category in the navigation pane.
  • Settings Policy Options — the options in the policy panels grouped under the Settings category in the navigation pane will be taken from the policy whose name is first alphabetically. Therefore, if policy merging is enabled, Symantec recommends using global policies to define the settings.


For more details on policy merging see the Symantec Endpoint Encryption Device Control Administrator Guide (download link provided below):


SEE Device Control 8.2.x Administrator Guide
SEE-DC 8.2.0 Administrator Guide.pdf (3.4 MBytes)

Article URL

Terms of use for this information are found in Legal Notices