Creating Policies

Two types of policies can be created: monitoring policies and controlling policies. Monitoring policies only report on the fact that an application was run, while controlling policies will actually intercede in some manner, such as elevating, restricting, blocking, requiring justification/approval, etc.

Within policies, there are subtypes. Subtypes are associated with the types of actions that they are configured to use. A wide variety of subtypes can be created, such as managed [local] users, managed [local] groups, service hardening, etc. For example, if the policy has an Add Administrative Rights action, it's an elevate policy. If it has a Deny Execute action, it's a block/deny policy, etc.

Policies can be created using any of the following methods:

• Policy Wizard
• Workstation Policies
• Policy Templates

Once a policy is created, it must be activated; and if desired, customized further. Refer to Activating_and_Customizing_a_Policy.

Using Policy Templates

Verify Privilege Manager ships with most commonly used policy templates. These are utilized by the policy wizard when creating a new policy.

IBM Security also provides templates that do not ship with the product, but that can be downloaded via Configuration Feeds from within the Verify Privilege Manager Console. Once downloaded and installed, customers can access those policy templates via Admin | Folders. Here a new policy can be created based on a template from a drop-down list. This policy will have associated targets, filters, and actions set, which can be further customized to cover an organization’s specific needs. Also refer to Configuration Feeds.