Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Policies and users in specific OUs

Created: 14 Mar 2013 • Updated: 14 Mar 2013 | 11 comments
This issue has been solved. See solution.

Hello,

Is it possible to configure DLP so that only users in specific OUs (Microsoft Active Directory) are targeted?  In particular, I am looking at endpoint policies.  Can specific policies exclude or include specific OUs.  Also, is it possible to configure DLP so that specific OUs are excluded or included for all policies?

Thanks in advance,

Bob

Operating Systems:

Comments 11 CommentsJump to latest comment

BzlBob's picture

When I referred to OUs, I am talking about OUs in Microsoft Active Directory.

stumunro's picture

yes you can do apply specific "goups" under the groups tab in the policy you are looking to apply. you can also further exempt groups also...

stumunro's picture

sorry click on manage then user groups and build the groups from AD you wish to apply or exempt them from...

BzlBob's picture

How about excluding an OU instead of group?  

stumunro's picture

correct the group comes from a OU in AD....if AD is integrated into the system.

BzlBob's picture

My issue is that I want to exclude certain countries.  We do not have groups that identify what country someone is, but we do put our users in OU's specific to the country.  From what I can see in the groups part of the policy, it is based on group membership, not where someone's account is in AD (what OU).

stumunro's picture

correct, if it is not in AD its kinda hard... 

the next question is can you do it by a email group do you have anything like that in in... 

remeber DLP only reads AD info it nevers writes to AD..

SOLUTION
stumunro's picture

sorry you can manually build one, you would need to pull out every user indivually and name it... its just time consuming

BzlBob's picture

I think I have figured this out.  I had to create a User Group.  That group is defined by OU.  Then I can leverage that User Group in the Group tab by either clicking Add Rule or Add Exception.  

stumunro's picture

correct... if the ou doesnt exist you need to build it manually...

marked this resolved if it works for you please...