9.3 Endpoint Security Management

ZENworks 11 SP2 Endpoint Security Management lets you protect devices by enforcing security settings via policies. You can control a device's access to removable storage devices, wireless networks, and applications. In addition, you can secure data through encryption and secure network communication via firewall enforcement (ports, protocols, and access control lists). And you can change an endpoint device's security based on its location.

The following tasks must be done in the order listed.



Activate Endpoint Security Management

If you did not activate Endpoint Security Management during installation of the Management Zone, either by providing a license key or by turning on the evaluation, you must do so before you can use the product.

For instructions, see Section 12.1, Activating Endpoint Security Management.

Folder icon

Enable the Endpoint Security Agent

The Endpoint Security Agent enforces security policies on devices. It must be installed and enabled on each device to which you want to distribute security policies.

For instructions, see Section 12.2, Enabling the Endpoint Security Agent.

Registration icon

Create locations

Security policies can be global or specific to locations. A global policy is applied in all locations. A location-based policy is applied only when the Endpoint Security Agent determines that the device’s network environment matches the environment defined for the location.

If you want to use location-based policies, you must create locations. For instructions, see Section 12.3, Creating Locations.

Usersource icon

Create security policies

A devices security settings are configured through security policies. There are 11 types of security policies you can create.

For instructions, see Section 12.4, Creating a Security Policy.

Configuration icon

Assign policies to users and devices

Security policies can be assigned to users or to devices.

For instructions, see Section 12.5, Assigning a Policy to Users and Devices.

Admin icon

Assign policies to zones

To ensure that a device is always protected, you can define default security policies for each policy type by assigning policies to the zone. A zone-assigned policy is applied when a device is not covered by a user-assigned or device-assigned policy.

For instructions, see Section 12.6, Assigning a Policy to the Zone.