The Impero Console has an 'Advanced Policy' system which allows you to set up various policies that will affect end-users. These policies can be set on every Impero Client machine by configuring Advanced Policies on the 'Entire Network' group, or on specific groups that you have created in the Impero.
- To access Advanced Policies, firstly ensure that you have the correct group selected in your Console.
- Click on 'Group' and then select 'Advanced Policies'.
- You can also select this by right-clicking your mouse on the correct group and selecting 'Advanced Policies'.
Note: You cannot create Advanced Policies for the default Impero Groups (i.e. Internet Banned, Printing Disabled, Removable Media Disabled, Screens Locked, Sound Muted)
- You will now see the 'Advanced Policy System' window where your policies can be created, edited and scheduled.
- Every group has four default policies that appear in bold at the top of this window. Any entries in the Block List, Allow List and Keyword Detection windows will appear in these policies.
- You can also add items to each of these default policies.
- Group default policies are permanently 'Enabled' and cannot be disabled.
- If a policy contains any items, they will be displayed on the right-hand side of this window.
- In order to create your own policies, click on the 'Add' button in the upper left-hand corner of this window.
- This will open the 'Create New Policy' window.
- Enter a name for your new policy in the 'Policy Name' text area at the top of the window.
- You are then presented with six different policy types that you can create:
Block/Detect Policy - Detect/block a website, application or other resource launched from the remote computer
Allow Only Policy - This will ban all resources apart from the items named in this policy
Whitelist Policy - Allow certain resources to be launched on the remote computer, bypassing other blocks/policies
Action Policy - Perform actions on remote computers, such as shut down
Firewall Policy - Block applications from accessing Internet ports
- Once you have given your policy a name and selected the policy type, click on 'OK'.
- Your new policy will then appear on the left-hand side of the 'Advanced Policy System' window.
- Once you have set up some policies, there are a number of further options that are configurable from the left-hand side of this window.
- Select one of your policies on the left-hand side, and click on 'Rename' in order to edit the name of your policy.
- Select one of your policies, and click on 'Remove' in order to delete your policy.
- If you wish to start using one of your policies, select it and click on 'Enable'. You can also do this by selecting 'Enabled' from the drop-down list in the 'Status' column.
- If you wish to stop using a policy that is already enabled, select it and click the 'Disable' button or select 'Disabled' from the 'Status' drop-down list.
- You can set a policy to run between certain times by scheduling it.
-To do this, select your policy and click the 'Schedule' button or select 'Scheduled' from the drop-down list.
- You will then see a new button, 'New Schedule' next to that policy item.
- Click on this button in order to specify the times during which this policy will be active.
The policy schedule is broken down by each day of the week, with each day having 24 blocks representing each hour of the day. In order to schedule the policy, click on the hours during which you wish for the policy to become active. When an hourly block is clicked upon, the block will turn to a solid green colour, indicating the policy is enabled for that hour. You can click as many hours, on as many days, as you wish for the policy to run.
Once you are happy with the schedule you have created, click on the 'Set' button to activate it. The 'Unset' button will remove the schedule. The two additional buttons, 'Set All' and 'Unset All', will select/deselect all the blocks in the schedule.
- If you wish to locate a particular policy term, click on the 'Search' button.
- This will open a new window, where you can enter the term that you wish to locate, using the asterisk (*) as a wildcard if necessary.
- This will search only on any enabled 'Block/Detect' type policy.
- You can right-click on any of the entries in the 'Policy Name' to either Export or Import the items in that policy.
- If you right-click on a Block/Detect Policy, you have the additional option of 'Mass edit policy items’.
- This allows you to modify multiple policy items simultaneously.
- For further information, please see the Mass Policy Editor section.
Note: If you create an Advanced Policy in one Computer/User Group, it is mimicked across all other Computer/User Groups. For example, if the Policy is created in 'Computer Group A', the same policy will then appear for 'Computer Group B', 'User Group A' and 'User Group B'. However, if the policy is then 'Enabled' or 'Scheduled' in 'Computer Group A', it will remain 'Disabled' in the other Groups. Only the Policy Name and Policy Items are carried across into the other Groups, not the scheduling information.
If you wish to create policy items specific to a Computer/User Group, enter those items into the default policies that are created per group, i.e. 'Group Name Action List', 'Group Name Block List' etc.
Please sign in to leave a comment.