Symantec Data Loss Prevention: adding rules based on Active Directory user accounts
Symantec Data Loss Prevention (SDLP, current version 11.6) is often installed in Windows environments, so many SDLP tasks are tied to Active Directory. This article shows how to make detection policies and rules apply to a particular Active Directory user or group of users, or how to make a policy apply to all users except one particular Active Directory user.
To enable a DLP policy that, for example, detects copying to a USB removable device and blocks the action for a specific Active Directory user, you need three steps:
First, go to System > Settings > Group Directories.
Then press the Create New Connection button and set up a new connection to Active Directory. The example screenshot gives an idea of how to fill out the fields:
So far it is simple. If your domain name is demo.com, then in the Base DN field (under Network Parameters) you should type: DC=demo, DC=com
Choose the Authentication type for the server (a user name and password are almost always required) and type in the credentials.
When you have filled out the fields, press the Test Connection button to ensure that everything is set up properly.
When the connection test succeeds, press the Save button and continue to the second step.
Once the directory connection is set up, the next step is to create a User Group. Choose Manage > User Groups.
Then create a new user group (you can include one or many users, depending on the kind of policy you will use this group for). See the example screenshot below for details:
When you have filled out the fields, press the Save button and continue to the final step.
The final step is to add a rule to a policy based on the User Group (which in turn is based on the Directory Connection from step 1). To do so, go to Manage > Policies > Policy List and choose the policy to modify (or create a new one). To add the user-based rule, select the Groups tab in the policy settings. Depending on whether you want to add a rule for a particular AD user or make an exception for an AD user, press the Add Rule or Add Exception button respectively. The example below shows an exception rule:
When, for example, Sender/User based on Directory Server Group is selected, click Next and you will be able to set up the user-based rule.
Just select the user group that was set up in step 2, name the exception, click OK, then save the policy.
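A common mistake in step 1 is typing the DNS domain name itself, or DC=demo.com, into the Base DN field, which makes Test Connection fail. The following helper is an added example (not part of Symantec DLP or this article's original content): it derives the Base DN from a domain name, generalizing to multi-label domains such as corp.demo.com, and checks a hand-typed Base DN for the usual errors before you try the connection.

```python
import re
from typing import List

# Matches one relative distinguished name component such as DC=demo or OU=Staff.
_RDN = re.compile(r"^(DC|OU|CN)=[^,=]+$", re.IGNORECASE)


def base_dn_from_domain(domain: str) -> str:
    """Turn a DNS domain (e.g. corp.demo.com) into the LDAP Base DN
    expected by the Group Directories connection form (DC=corp,DC=demo,DC=com).
    Constructed helper; SDLP itself does not perform this conversion for you."""
    labels = [lab for lab in domain.strip().strip(".").lower().split(".") if lab]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={lab}" for lab in labels)


def check_base_dn(base_dn: str) -> List[str]:
    """Return a list of problems found in a Base DN typed into the form.
    An empty list means the value looks well-formed."""
    problems: List[str] = []
    # Spaces after commas, as in the article's 'DC=demo, DC=com', are tolerated.
    parts = [p.strip() for p in base_dn.split(",")]
    for part in parts:
        if not _RDN.match(part):
            problems.append(f"'{part}' is not a valid RDN (expected e.g. DC=demo)")
        elif "." in part:
            # e.g. DC=demo.com: each DNS label must be its own DC= component
            problems.append(f"'{part}' contains a dot; split it into separate DC= components")
    if parts and not parts[-1].upper().startswith("DC="):
        problems.append("Base DN should end with the domain's DC= components")
    return problems


if __name__ == "__main__":
    print(base_dn_from_domain("demo.com"))          # DC=demo,DC=com
    print(check_base_dn("demo.com"))                 # reports the missing DC= prefix
```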