Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Data Loss Prevention policies based on Active Directory

Created: 19 Dec 2012 • Updated: 10 Jun 2013 | 4 comments
V-Kind's picture
This issue has been solved. See solution.

Hello everyone,

While testing SDLP I need to create some policies and response rules based on Active Directory, e.g.:

1) Restrict web-mail sending as attachment for particular user in AD

2) Allow specific AD user to copy files from endpoint to USB device

etc.

How should I make it? Does SDLP require specific settings to be applied to do this?

Comments 4 CommentsJump to latest comment

V-Kind's picture

Thank you. What did you mean under integrate with AD? I have configured krb5.ini with my AD servers data and enabled AD authentification on Enforce server. This is it? How to configure specific policies then?

UFO's picture

You should searxh Administrator's manual for: Detecting identity from a synchronized directory group server.

  1. In DLP console you should go first to System > Settings > Group Directories and there press Create New Connectiom button. Fill out the fields accordingly.
  2. Then use Manage > User Groups and add groups based on your group directory connection from previous step.
  3. Then go to Manage > Policies and choose (or create new one). And then use Group tab.

STS: DLP