ZENworks® ESM 3.5 Administrator’s Manual 83
Creating and Distributing ESM Security Policies
Security Policies are used by the ZENworks Security Client to apply location security to mobile
users. Decisions on networking port availability, network application availability, file storage
device access, and wired or Wi-Fi connectivity are determined by the administrator for each
location.
Security policies can be custom-created for the enterprise, individual user groups, or individual
users/machines. Security policies can allow full employee productivity while securing the
endpoint, or can restrict the employee to only running certain applications and having only
authorized hardware available to them.
To begin a security policy, click New Policy in the File menu of the Management Console
Policy Tabs and Tree
A security policy is written/edited by navigating through the available tabs at the top of the
screen, and the components tree on the left.
The available tabs are:
• Global Policy Settings - Settings which are applied as defaults throughout the policy
• Locations - These policy rules are applied within a specific location type, whether
specified as a single network, or a type of network such as a coffee shop or airport
• Integrity and Remediation Rules - Assures essential software (such as antivirus and
spyware) is running and up-to-date on the device
• Compliance Reporting - Instructs whether reporting data (including the type of data) is
gathered for this particular policy
• Publish -Publishes the completed policy to individual users, directory service user
groups, and/or individual machines.
The Policy Tree displays the available subset components for the tabbed categories. For example,
Global Policy Settings include subsets of Wireless Control, ZSC Update, and VPN Enforcement.
ONLY the items contained on the primary subset page are required to define a category, the
remaining subsets are optional components.
