This topic describes how to create and manage unified rules on the Files, Custom, Registry, and Memory tabs on the Software Rules page.

The following procedure uses Custom Rules for most examples, but the descriptions and procedures are the same for the other unified rule types, except for ranking, which does not apply to File Rules.

Although you can manage File Rules from the Software Rules page, it is more likely that you will create approvals and bans from one of the pages that list files, or from a File Details page. Changing a Unified Rule to a Local Rule describes the procedure for creating unified rules.

Procedure

  1. To add a rule, log in as a user with either the Administrator (Unified Management) role or the User (Unified Management) role.
  2. Go to the page for the type of rule you want to create and click the Add button for that rule type. For example, on the Custom Rules page, click Add Custom Rule.
  3. On the Add Rule page, configure the General section, and if present, the Definition section.
    Note: When you apply a rule to more than one server, client servers use default notifiers, even if a custom notifier is specified on the management server.
  4. If you are logged in to the management server in a Unified Management environment, a Servers field displays in the Rule Applies To panel.
    [Figure: The Servers field in the Rule Applies To panel on the Add Custom Rule page]

    Select one of the following choices:

    • To apply the rule to the current server only, select the top radio button that shows the server name.
    • To apply the rule to the current server and all servers it manages, select All Servers.
    • To apply the rule to specific servers, select Selected Servers and select the check box next to each applicable server.
  5. When you have finished specifying the servers, select the policies to which the rule will apply. Select one of the following choices:
    • To apply the rule to computers in all policies, select All Current and Future Policies.
    • To apply the rule to computers in some but not all policies, select Selected Policies and then select the check box next to each policy to which to apply the rule. The server for each policy is listed.
    Note: If you recently created, edited, or deleted policies on a remote system, the policy list might not be immediately updated on the management server. With normal connectivity, policy lists from remote systems are up-to-date on the management server within one minute, but slower networks might increase this interval.
  6. If the rule applies to servers other than the current server, an Override Permissions section displays for Custom, Registry, and Memory Rules. This section determines which actions users who do not have Unified Management roles can perform on the rule.
    [Figure: The Override Permissions section in the Rule Applies To panel]
    Select one of the following choices:
    • No Override – Users who do not have User (Unified Management) or Administrator (Unified Management) permission cannot edit this rule or change its rank relative to other rules.
    • Partial Override – Users who do not have User (Unified Management) or Administrator (Unified Management) permission cannot edit this rule, but can change its rank relative to other rules.
    • Full Override – Any user with permission to edit rules can edit and change the rank of this rule. If you override a rule (other than rank), it becomes a local rule on the server on which the override occurred, and the local rule is no longer connected to the previous (unified) rule on other servers.
    Caution:
    • If you configure a rule to allow Partial Override, keep in mind that a user on another server could make the rule ineffective by moving it to a lower rank than a different rule that affects the same action.
    • Users who have the Administrator (Unified Management) or User (Unified Management) role can edit unified rules regardless of the override setting.
  7. When you have finished configuring the rule, click the Save button to stay on the page, or click the Save and Exit button to return to the table page for this rule type. In the Unified Management environment, this action opens the Save Rule wizard.
    [Figure: The Save Rule wizard page showing the rule ranking]
  8. For Custom, Registry, and Memory Rules, the first page of the wizard shows rule ranking. Initially, any new rule is ranked first in the list of rules. It takes precedence over lower ranked rules for actions in which rank matters. The Save Rule wizard allows you to customize the ranking of this rule on each server. The wizard provides a separate page to rank the new rule on each server. You can drag and drop the new rule to a different position relative to the other rules:
    1. On the first page of the wizard, change or accept the rank of the new rule and then click Next. The rule ranking for the next server is displayed.
    2. Continue examining and, if necessary, changing the ranking of the rule on each server. When you get to the last server, click the Send rules button to send the rules to each server.
      Note: You can click the Back button in the bottom left of the wizard if you change your mind about the rank of the rule on a previous server, and you can click Cancel in the bottom right to return to the Add Custom Rule page.
  9. The Save Rule wizard shows the progress of rule distribution to your servers. When all specified servers have received the rule, the wizard shows Complete at the end of the progress bar.
    [Figure: The completed wizard on the Save Rule page]
  10. Click Finish to exit the wizard.
    Note: If errors occur during the rule creation and distribution process, they display with red exclamation marks instead of blue checkmarks in the final page of the wizard. Depending on the issue, you might be able to correct it by simply repeating the procedure. Some issues, such as connectivity failures, can require remediation.
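
The Partial Override caution in step 6 can be checked with a small audit, shown here as an added example that is not part of the product or its documentation. It assumes a simplified first-match-by-rank model of rule evaluation; the rule fields, server names, paths, and the `shadowed_unified_rules` helper are all hypothetical, and the rule lists are constructed sample data.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    # Hypothetical, simplified rule record; not the product's schema.
    name: str
    path_pattern: str
    action: str            # "block" or "allow"
    unified: bool = False
    override: str = "n/a"  # "none", "partial" or "full" for unified rules


def effective_rule(ranked_rules, path):
    """Assumed model: the highest-ranked rule whose pattern matches wins."""
    for rule in ranked_rules:
        if fnmatchcase(path, rule.path_pattern):
            return rule
    return None


def shadowed_unified_rules(servers, probes):
    """Report unified rules that a higher-ranked rule with a different
    action pre-empts on some server. probes maps rule name -> sample path."""
    findings = []
    for server, ranked in servers.items():
        for rank, rule in enumerate(ranked, start=1):
            if not rule.unified or rule.name not in probes:
                continue
            winner = effective_rule(ranked, probes[rule.name])
            if winner is not None and winner is not rule \
                    and winner.action != rule.action:
                findings.append(
                    (server, rule.name, rule.override, rank, winner.name))
    return findings


# Constructed sample data: one unified rule sent with Partial Override.
BLOCK = Rule("Block Downloads executables", r"C:\Users\*\Downloads\*.exe",
             "block", unified=True, override="partial")
ALLOW = Rule("Allow updater", r"C:\Users\*\Downloads\updater*.exe", "allow")
TOOLS = Rule("Allow tools dir", r"C:\Tools\*", "allow")

SERVERS = {
    "mgmt-server": [BLOCK, ALLOW, TOOLS],      # unified rule still ranked first
    "client-server-2": [ALLOW, BLOCK, TOOLS],  # re-ranked by a local user
}
PROBES = {BLOCK.name: r"C:\Users\alice\Downloads\updater_setup.exe"}

if __name__ == "__main__":
    for finding in shadowed_unified_rules(SERVERS, PROBES):
        print("shadowed:", finding)
```

On the sample data, only client-server-2 is reported, because the local allow rule was moved above the unified block rule there.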

Results

In the rules tables, unified rules that exist under Unified Management are highlighted in green. In addition, tables that show unified rules can include a Unified Server Source field, which shows the name of the management server from which the rule came. This field is not displayed by default.

[Figure: The selected unified rule in the rules table]

In addition, rules are grouped by server on the management server rules pages. The management server rules lists are expanded by default, but you can collapse and expand the rules for any server.

[Figure: The rules table showing grouped rules]

By default, the rules from all servers are accessible in a rules table on the management server. However, you can use the Servers menu to add or remove servers from the view. Uncheck the box next to any server you do not want to include on the page.

[Figure: The rules table showing excluded and included rules]