1.5 User-Based Policies and Computer-Based Policies

If you deploy the standard system architecture that provides integration with a directory service, ZENworks Endpoint Security Management supports assigning of policies to both users and computers that reside in the directory service.

A user-assigned policy is applied whenever the user logs in. If three different users log in to the same endpoint device, each user receives his or her policy during the logged-in session.

A computer-assigned policy is applied when the endpoint device authenticates to the directory service. Even if three different users log in to the same endpoint, each user receives the same policy.

When you install the Security Client on an endpoint device, you configure the client to use either user-based polices or computer-based policies. The Security Client cannot apply both types of policies to the same endpoint; you must configure it to apply one or the other.

Because user and computer data is provided by your directory service, the type of policy you use depends in part on your directory service:

For more information about directory service support, see Section 2.2.4, Directory Services Requirements.