Using group policies | Emsisoft Management Console | Emsisoft Tutorial
Hi there. In this video, we’re going to be talking about setting up group policies in the Emsisoft Management Console.
Group policies are basically a collection of settings that you can apply to a defined group of devices. Normally, you’d have to set up your devices one by one, which can be quite time-consuming and difficult to maintain in the long run. But with Emsisoft’s smart group policies system, you can quickly apply settings to groups of devices with minimal effort. This can save you a lot of time, especially if you manage a large number of devices.
Okay, so to get started, open up the Emsisoft Management Console and select your workspace. In the side menu on the left, you can see that the Console supports two types of policies: ‘Protection Policies’ and ‘Permission Policies’.
Let’s start with Protection Policies. Protection policies are bound to your devices. They include all the settings that you can find locally in the protection software on your devices.
In this column, you can see a list of the default policy groups. If you click on one of the groups, you’ll see all the settings relating to that group on the right-hand side of the screen.And, down here, you’ll see a list of all the devices assigned to that group. If you want to move a device to a different group, you can just drag and drop the device, or use the hamburger menu in the device list.
The policy groups are arranged in hierarchies. This means that if you create a new subgroup within a policy, it will inherit all the settings from the parent policy.
We can see this in action if we check the settings over here on the right. Let’s say we change the ‘Detect Potentially Unwanted Programs’ in the ‘Scanner Settings’subgroup. When we do this, you’ll notice that the row is highlighted with a blue bar on the left and bold print. This indicates that that the ‘Detect Potentially Unwanted Programs’
setting has a different value from the parent group, which makes it easy to spot differences in policies. You can reset this setting to the inherited value by clicking the little reset icon here on the right of the row.
Any changes that you make to a protection policy are applied to the devices assigned to that group in a few seconds, as indicated by the moving blue bar at the top.
Now, you might have noticed that the settings here on the right are almost an exact mirror of the settings in the protection software on your devices. But there is one section that’s a bit different, and that’s the ‘Policy Settings’ section. Here, you’ll find some tools that can be very useful in certain situations. Let’s take a quick look at them.
First up, we have ‘Emergency Network Lockdown’. In an emergency situation, you can click ‘Enable Lockdown’ and all devices in that group will immediately be taken offline. When a device is in lockdown, it stays connected to the Emsisoft Management Console, so you can investigate the incident remotely.
Next, we have ‘Traffic relay’. This allows you to designate one of your devices to act as a traffic relay, which means all online updates and communications with the Emsisoft Management Console will happen through that device. You can use this feature to save on bandwidth, and you can also use it to keep your protection software up to date – even if your other devices don’t have direct access to the Internet. You have to enable the relay functionality for one or more devices first, for it to show up in this dropdown list. The relay setting is at the very bottom of the protection settings on single device level. If you’re on the Emsisoft Enterprise Security plan, relay devices can also be used for network exploration in combination with your Active Directory.
Then we have ‘Installation token’. By default, newly installed devices will be added to the ‘New computers’ policy group. But what if you want to add newly added devices to a different group? Well, you can do so by using an installation token. Just click ‘Create’, configure the expiration and renewal settings, and click ‘OK’. As you can see, this creates a tokenized download link that you can click on and send to your users. When you use a tokenized link, devices are automatically added to the selected policy group during installation.
All right, so now let’s take a look at ‘Permission Policies’. Permission policies allow you to define which users can access specific parts of the protection software.
As you can see, the ‘Permission policies’ panel looks and functions a lot like the ‘Protection Policies’ panel. In this column, we have a list of the default Permission groups. And below the Permission groups, you can see a list of all the users belonging to the selected group. Again, you can drag and drop users to different Permission groups, or move them using the hamburger menu in the device list.
When you select a permission group, you can see the settings over here on the right. There are four Permission levels to choose from. We have ‘Full access’, which means users can view and edit all software settings. By default, only members of the Administrators group have ‘Full Access’.
Non-admin users have ‘Basic Access’. This means they can view settings, perform malware scans and respond to malware alerts, but can’t change software settings.
If you want to further restrict user access, you can change the default permissions to ‘Read only’ or ‘No access’. With ‘Read-only access’, users can view settings but they can’t change them. All alerts are handled automatically by the software. With ‘No Access’, users can’t view the interface at all. The software runs on autopilot and makes all the decisions on its own.
If you’re on the Emsisoft Enterprise Security plan, you can link your permission policies to your Active Directory user list. This also allows you to configure permissions with even more granularity on the individual user account level. The permission controls on individual user level are only available in the Emsisoft Enterprise Security plan. The other plans only allowyou to assign permissions for administrators and non-administrators as groups.
Now, let’s say you don’t want any of your users in your workspace to be able to change the settings in your Emsisoft protection software. In this situation, you might want to consider changing your entire workspace to ‘Remote only’ management mode. In ‘Remote only’ mode, all of your settings are controlled exclusively by group policies and your users will only be able to see a stripped back user interface. To enable ‘Remote only’ management, navigate to the Workspace settings panel and, in the ‘General’ settings section, select ‘Remote only’.
That brings us to the end of today’s video. Thanks for joining us. Bye for now.