Workflow
The Workflow page displays the process for applying a ZENworks Endpoint Security policy to a device. The process consists of the three primary tasks described below.
For a description of each of the tasks listed in the Common Tasks panel, see Tasks.
Agent Deployment
ZENworks Endpoint Security Management uses two agents: the ZENworks Adaptive Agent and the ZENworks Endpoint Security Agent.
The Adaptive Agent performs all core ZENworks functions such as registering devices, distributing content (bundles, policies, and so forth), determining location, updating software, and collecting log and status information. The Endpoint Security Agent, a module of the Adaptive Agent, enforces security policies on devices.
-
Enable Endpoint Security Agent Feature: As a module of the Adaptive Agent, the Endpoint Security Agent can be enabled and disabled. By default, when you activate ZENworks Endpoint Security Management (either licensed or evaluation), the Endpoint Security Agent is enabled.
To ensure that the Endpoint Security Agent is still enabled, select this option to display the ZENworks Agent configuration page. In the Agent Features list, verify that the Endpoint Security Management feature is configured as Installed and Enabled.
Configuring this setting enables the Endpoint Security Agent on all devices in the Management Zone. If there are devices where you do not want to enable the agent, you can override the setting on device folders and individual devices.
-
Install ZENworks Adaptive Agent: If the Adaptive Agent is not already deployed to devices, select this option to deploy it. If you configured the agent features to enable the Endpoint Security Agent (see
Enable Endpoint Security Agent Feature
above), it is enabled as part of the Adaptive Agent deployment.If the ZENworks Adaptive Agent is already deployed to devices and you just enabled the Endpoint Security Agent, you don’t need to do anything. The Endpoint Security Agent will be installed and enabled the next time the Adaptive Agent performs a refresh.
Policy Definition
Security settings are applied to devices through the use of security policies. Select from the following options to create your security policies:
-
Create Locations: Security policies can be global or location-based. A global security policy is applied regardless of a device’s location. A location-based security policy is applied only when the device identifies (through its network environment) that it is in that location.
Before you can use location-based policies, you must create locations. Select this option to display the Locations page. Click Help on the Locations page for additional information.
-
Create Policy: Select this option to display the Policies page. Click New > Policy to launch the Create New Policy Wizard.
There are 10 security policies. The Security Settings policy protects the Endpoint Security Agent. The Location Assignment policy determines which security locations are available to devices. Because of the nature of these two policies, we recommend that you create and assign these policies first.
-
Edit/Manage Policies: Select this option to display the Policies page. Click an existing policy to edit it, or use the menu options to perform the desired management tasks.
Assignment and Enforcement
You can assign security policies to users or devices. Select from the following options to manage security policy assignments.
-
Assign Policy to Device: Select this option to launch a wizard that lets you assign policies to devices. Device-assigned policies are applied regardless of the user that is logged in.
-
Assign Policy to User: Select this option to launch a wizard that lets you assign policies to users. User-assigned policies are applied only when the assigned users is logged in. If the user moves from one device to another, the policies move with the user.
-
Assign Default Policies: Select this option to display the Zone Policy Settings page. This page lets you assign security policies to the Management Zone. When determining the effective policies to be enforced on a device, the Zone policies act as a default policy, being evaluated after all other device-assigned and user-assigned policies.