Policies enable you to organize computers running the Carbon Black App Control Agent into groups with common security requirements.
For example, you can create policies based on departmental affiliations like sales, marketing, or other organizational relationships. You might also create policies specific to a computer’s purpose, such as a special domain controller policy. A single policy may be appropriate if you want a single, company-wide operating standard for all computers, but typically you will create multiple policies.
Policies normally are assigned to computers, not users, although Active Directory data can be used to assign policy by user. Each computer has only one policy at a time, regardless of the number of users currently logged on.
Once a policy is created, you can assign computers to it through a variety of methods, including automatic assignment based on Active Directory group. See Managing Computers for more details on policy assignment.
When you create a policy, Carbon Black App Control attempts to create an agent installer that assigns the policy to computers that use the installer. If you have not yet uploaded agent installer packages and a rules file to your server, or if agent installer creation is disabled for all operating systems, creating a policy generates error events indicating that the agent installers for that policy cannot be created. You can still create the policy, but to avoid populating the Events log with errors each time you create a policy, the best practice is to upload agent and rule installers before creating policies. See "Uploading Agent Installers and Rules to the Server" in the VMware Carbon Black App Control Agent Installation Guide for more information.
Policy names can use alphanumeric characters and certain symbols in the ISO-8559-1 set. Characters in the 32-126 range in the ISO-8559-1 set are legal, with the following exceptions: < > : " / \ | ? * # @ `
If you enter Unicode characters or reserved symbols in a policy name, the console displays a warning dialog. You must remove the illegal characters from the name before you can save the policy.
Some characters that are allowable in policy names might cause problems when running the agent installer for the policy. For policies that will be applied to Mac computers, avoid parentheses and spaces in the name, or be prepared to “escape” these characters when you run the installer.
Create a Policy
Use this procedure to create a new policy.