Compliance

In This Section:

Overview of Compliance

Planning for Compliance Rules

Configuring Compliance Policy Rules

Monitoring Compliance States

The Heartbeat Interval

The Compliance component makes sure that endpoint computers comply with security rules that you define for your organization. Computers that do not comply show as non-compliant and you can apply restrictive policies to them.

Overview of Compliance

Compliance makes sure that:

If an object (for example an OU or user) in the organizational tree violates its assigned policy, its compliance state changes, and this affects the behavior of the endpoint computer:

Planning for Compliance Rules

Before you define and assign compliance rules, do these planning steps:

  1. Identify the applications, files, registry keys, and process names that are required or not permitted on endpoint computers.
  2. Collect all information and remediation files necessary for user compliance. Use this information when you create remediation objects to use in compliance rules.

    Compliance rules can prevent users from accessing required network resources when they are not compliant. Think about how to make it easy for users to become compliant.

  3. Make sure that the firewall rules give access to remediation resources, for example, sites from which service packs or Anti-virus updates can be downloaded.

    Note - In Windows 7, make sure the Interactive Service Detection service is running. This is necessary for remediation files (running with system credentials) that must interact with the user.

  4. Define rule alerts and login policies to enforce the rules after deployment.
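
One way to baseline an endpoint against the planning list before any rule is enforced, as an added PowerShell example that is not part of the product documentation. The process names, file path, registry key and update host are constructed placeholders, and the script only reads state.

```powershell
# Added example: read-only pre-deployment audit. Every name, path and host in
# $Plan is a constructed placeholder; replace with your own planning inventory.
$Plan = @{
    RequiredProcesses   = @('ExampleAvAgent')      # process names, no .exe
    ProhibitedProcesses = @('ExampleP2PClient')
    RequiredFiles       = @('C:\Program Files\ExampleAV\agent.exe')
    RequiredRegKeys     = @('HKLM:\SOFTWARE\ExampleVendor\ExampleAV')
    RemediationHosts    = @(@{ Name = 'updates.example.com'; Port = 443 })
}

function New-Result([string]$Check, $Pass) {
    New-Object psobject -Property @{ Check = $Check; Pass = [bool]$Pass }
}

# TCP reachability test that works without Test-NetConnection (absent on Windows 7).
function Test-TcpPort([string]$Name, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Name, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$running = @(Get-Process | Select-Object -ExpandProperty ProcessName)
$results = @()

# Step 1: required and prohibited items as they exist on this endpoint today.
foreach ($p in $Plan.RequiredProcesses)   { $results += New-Result "Required process running: $p" ($running -contains $p) }
foreach ($p in $Plan.ProhibitedProcesses) { $results += New-Result "Prohibited process absent: $p" ($running -notcontains $p) }
foreach ($f in $Plan.RequiredFiles)       { $results += New-Result "Required file present: $f" (Test-Path -LiteralPath $f) }
foreach ($k in $Plan.RequiredRegKeys)     { $results += New-Result "Required registry key present: $k" (Test-Path -LiteralPath $k) }

# Step 3: remediation resources must be reachable through the firewall rules.
foreach ($h in $Plan.RemediationHosts) {
    $results += New-Result "Remediation host reachable: $($h.Name):$($h.Port)" (Test-TcpPort $h.Name $h.Port)
}

# Windows 7 note: UI0Detect is the service name of Interactive Services Detection.
$svc = Get-Service -Name UI0Detect -ErrorAction SilentlyContinue
$results += New-Result 'Interactive Services Detection running' ($svc -and $svc.Status -eq 'Running')

$results | Sort-Object Pass | Format-Table Check, Pass -AutoSize
$failed = @($results | Where-Object { -not $_.Pass }).Count
"{0} of {1} checks would fail if the rules were enforced now." -f $failed, $results.Count
```

Running this on a sample of endpoints shows how many would become non-compliant on day one and whether the remediation path in step 3 is actually open to them.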