You can edit the policy name, the basic definitions of a policy, including its description, and Enforcement Level, in the upper panel of the Edit Policy page.
For most Device and Advanced Settings, you can:
- turn them on or off
- place them in report-only state, in which they report what they would have done if they had been activated
- choose a different (or no) notifier, which is the dialog box that is displayed when an action is blocked as a result of an active policy setting; this is covered in Endpoint Notifiers and Approval Requests
Certain settings have fewer choices or choices other than those on this list.
Note: Although you can deactivate policy settings, you cannot create or delete them. The setting name (e.g., Block unapproved scripts), which is standard for all policies, cannot be changed.
Edit a Policy
Use this procedure to edit a policy.
Procedure
Related Views in Policy Details
The Edit Policy page has a Related Views menu with links that provide information about computers in this the policy and the files on those computers:
- All files on computers in this policy opens a Find Files page with all instances of tracked files on the computers assigned to the policy.
- Unapproved files on computers in this policy opens a Find Files page with all file instances with a Local State of Unapproved on the computers assigned to this policy. This helps show how the policy settings affect the files actually on these computers.You can add another filter to the results to show only files with Local State Details of Unapproved – these would be approved by an Enforcement Level change from Low to either Medium or High if the automatic approval box is checked for this policy.
- Computers manually assigned to this policy opens a filtered view of the Computers page, showing computers that have been manually assigned to the policy (i.e., were not assigned by AD mapping).