After creating a policy, you can perform various activities such as clone a policy, assign the policy, schedule policy monitoring:
Following sections provide more information about working with policies.
Cloning an existing policy allows you to quickly create a policy based on an existing policy, and then make changes as needed. By default Change Guardian uses the loaded revision of the selected policy when creating a clone, but you can select a specific policy revision.
Out-of-the-box policy templates provide examples of policies and best practice content you can reuse. Applying a policy template from the platform template library clones the policy into your active policy area. When a copy of the template appears in the list of policies for the module, you can edit the constraints to specify your monitored computers and files.
To clone from a template:
In the left pane of Policy Editor, select one of the following:
Active Directory
Group Policy
UNIX
Windows
Azure Active Directory
NetApp share
Dell EMC
Microsoft Exchange
Expand the list of templates and select the template you want to clone. For example, Active Directory Templates > AD Object > Site Link Cost Modified.
Click Apply.
On the policy details window, make the appropriate changes, and then click Submit.
(Conditional) If you want to enable the policy now, select the Enable this policy revision now check box
NOTE:For more information about enabling a policy, see Enabling a Change Guardian Policy Revision
If you add a policy to a policy set that contains multiple asset types, the policy applies only to the applicable assets. For example, if you apply a UNIX policy to a policy set that contains Windows and UNIX assets, the policy applies to the UNIX assets only.
Use the Policy Set Manager to add, edit, or clone policy sets.
To access the Policy Set Manager:
In the left pane, select Change Guardian.
Select Policy Set Manager.
After you create a policy set, you can assign the set as you would assign a policy. To assign policies, see Assigning Policies and Policy Sets
Policies are stored in the Change Guardian Policy Repository and are available to the Change Guardian users in your enterprise to assign to computers and asset groups.
You can use Policy Editor to assign policies and policy sets to the assets or asset groups in your enterprise.
Selecting an asset or asset group allows you to see the policies and policy sets assigned to it, and allows you assign additional policies and policy sets.
To assign a policy to an agent:
In the left pane of the Policy Editor window, navigate to Change Guardian.
Click Policy Assignment.
Select an Azure asset group or computer, and click Assign Policies.
Select Assets from the drop-down list.
NOTE:You cannot assign Azure AD policies via Asset Groups.
Select a policy set or policy and click Apply.
NOTE:An existing policy or policy set that has already been assigned can only be edited from the way it was assigned. For example, if you want to add an event destination to a policy that was assigned via a Policy Set you must edit it in the policy set only. This also applies to the server and group assignment.
Change Guardian saves the policy in the Policy Repository on the Change Guardian server computer. If you make changes to the policy later, Change Guardian creates a new revision of that policy. Policy revisions allow you to keep and share work that is in progress. Use the Policy Editor to view all policy revisions as well as the version number of the currently enabled policy. You can also load a previous revision of a policy to edit or enable.
You must submit policies to the Policy Repository before you can enable or assign policies, or make policies available to others. Before you can assign a policy revision to monitor computers or asset groups, you must enable it. You can enable a policy revision as follows:
When you submit the policy to the Policy Repository, after creating or editing it.
From the history tab of the selected module window in case of an existing policy.
NOTE:After you enable a policy revision, you must assign the policy to computers or assets groups. If you update the enabled revision of a policy already assigned, Change Guardian automatically updates any monitored assets that have that policy with the new revision but only when the agent requests at the next heartbeat.
To enable a policy revision from an application or module window:
In the left pane, select the policy.
On the History tab, select the policy revision you want to enable.
Click Enable.
Change Guardian allows you to export a policy to an.xml file. You can import a valid policy that was previously exported for future use as a new policy. You can also modify an imported policy to create a new policy with a similar definition. However, you can export one policy at a time but import multiple policies at a time.
To export a policy:
In the left pane of the Policy Editor window, navigate to the policy that you want to export.
Right-click the policy, and select Export.
To import a policy:
From the Policy Editor menu window, click Settings > Import Policies.
Select the required .xml file, and click Open.
When you create a policy, it automatically uses the default event destination. If you want to send event data to another destination, add an event destination to the policy (or policy set). The new event destination can be either in addition to or instead of the default event destination. The updated event destination setting will take effect at the next heartbeat interval, when the asset computer reads the updated policy information.
To assign event destinations to a policy:
Log in to the Policy Editor.
Click Policy Assignment.
Select an asset group or computer, and click Assign Policies.
Select a policy set or policy and click Advanced.
Select one or more event destinations to assign to the specified policy or policy set.
Click OK.
By default, Change Guardian policies monitor computers and asset groups continuously. A monitoring schedule allows you to define specific times when a policy or policy set monitors computers and asset groups. For example, you can suspend monitoring during scheduled maintenance times, which eliminates events generated as a result of the maintenance. When you assign a policy or policy set to an asset or asset group, you can attach a monitoring schedule.
Scheduled monitoring supports days of the week and inclusive intervals during a day.
Examples of valid time restrictions include:
Mondays, Tuesdays, and Wednesdays from 3-5 p.m.
Mondays from 3-5 p.m. and Tuesdays from 4-6 p.m.
Mondays from Midnight-7 a.m., 9 AM-2 p.m., and 6 p.m.-Midnight
To create a monitoring schedule:
Log in to the Policy Editor.
Click Settings > ScheduleĀ Monitoring Time
Click Add.
In the Schedule Time window, select the time(s) and day(s) you want Change Guardian to stop monitoring, and then select Donāt Monitor.
HINT:You can drag your cursor to select a range of times and days for scheduled monitoring.
Click OK.