If you deploy the standard system architecture that provides integration with a directory service, ZENworks Endpoint Security Management supports assigning of policies to both users and computers that reside in the directory service.
A user-assigned policy is applied whenever the user logs in. If three different users log in to the same endpoint device, each user receives his or her policy during the logged-in session.
A computer-assigned policy is applied when the endpoint device authenticates to the directory service. Even if three different users log in to the same endpoint, each user receives the same policy.
When you install the Security Client on an endpoint device, you configure the client to use either user-based polices or computer-based policies. The Security Client cannot apply both types of policies to the same endpoint; you must configure it to apply one or the other.
Because user and computer data is provided by your directory service, the type of policy you use depends in part on your directory service:
Microsoft Active Directory provides both User and Computer objects as base functionality.
Novell eDirectory provides User objects as base functionality. Workstation objects are available only if 1) Novell ZENworks 7 Desktop Management is installed with the eDirectory schema extended to support Workstation objects, 2) the ZENworks 7 Desktop Management Agent is installed on the endpoint devices, and 3) the devices are registered as ZENworks workstations in eDirectory. Because The ZENworks 7 Desktop Management Agent is supported only on Windows 2000/XP devices, you cannot assign security policies to Windows Vista/7 devices.
For more information about directory service support, see Section 2.2.4, Directory Services Requirements.