Hello,
Answers:
1. The policy is defined at Server and followed by clients (i.e. Desktop and Laptops). What will be the status if some one is disconnected from server/LAN? Is the policy will be remain valid? ( Considering outstation Engineers)
Create a Location based policy. The Outstations Engineer (Mobile Clients) would change the location status to the right location and stay connected. If the machine will be seen offline when not connected to the SEPM.
https://support.symantec.com/en_US/article.HOWTO80747.html
https://support.symantec.com/en_US/article.TECH104571.html
2. Restrictions over USB ports/CD drive will be valid in all case?
Not in Safe mode.
https://www.symantec.com/connect/ideas/usb-blocking-doesnt-work-safe-mode?list_context_id=3377631&list_context_type=symantec_product
3. Can we restrict USB port for defined Pen drive and Datacard so that another datacard/pen drive can be get accessible.
Yes, you can restrict certain USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection (SEP).
https://support.symantec.com/en_US/article.TECH106304.html
4. How to recover data if it is password protected. (case some one left without disclosing the password and still important data is available in Laptops/Desktops- This is exclusively for IT Deptt.)
Are you talking about SEPM Data? SEPM Admin Password can be accessed. Create a Ticket with Technical Support for the same.
Regards,