Data Loss Prevention

  • 1.  Symantec Data Loss Prevention policies based on Active Directory

    Posted Dec 19, 2012 06:46 AM

    Hello everyone,

    While testing SDLP I need to create some policies and response rules based on Active Directory, e.g.:

    1) Restrict web-mail sending as attachment for particular user in AD

    2) Allow specific AD user to copy files from endpoint to USB device

    etc.

    How should I make it? Does SDLP require specific settings to be applied to do this?



  • 2.  RE: Symantec Data Loss Prevention policies based on Active Directory
    Best Answer

    Broadcom Employee
    Posted Dec 19, 2012 07:54 AM

    Integrate with AD/LDAP and configure the policy.



  • 3.  RE: Symantec Data Loss Prevention policies based on Active Directory

    Posted Dec 19, 2012 10:00 AM

    Thank you. What did you mean by integrate with AD? I have configured krb5.ini with my AD servers' data and enabled AD authentication on the Enforce server. Is this it? How do I configure specific policies then?



  • 4.  RE: Symantec Data Loss Prevention policies based on Active Directory

    Posted Dec 26, 2012 09:19 AM

    You should search the Administrator's manual for: Detecting identity from a synchronized directory group server.

    1. In the DLP console you should first go to System > Settings > Group Directories and there press the Create New Connection button. Fill out the fields accordingly.
    2. Then use Manage > User Groups and add groups based on your group directory connection from the previous step.
    3. Then go to Manage > Policies and choose one (or create a new one), and then use the Group tab.


  • 5.  RE: Symantec Data Loss Prevention policies based on Active Directory

    Posted Mar 04, 2013 01:14 AM

     

    Hi -kind ,

    please refer below

    https://www-secure.symantec.com/connect/articles/symantec-data-loss-prevention-adding-rules-based-active-directory-user-accounts

    https://www-secure.symantec.com/connect/articles/create-dlp-policy-special-user-group