How do policies work

Hello

Still trialing Sophos - but I have a basic question about policies.

As I understand it, Sophos ships with base policies that are un-assignable to users and groups and consequently have made these the most restrictive.  I also know that I can create new policies (or clone the base policies) that I can assign to users/computers and that these 'override' the base policy: my question is around the word override.

So, hypothetically (as an example only), if my Base Peripheral control policy allows everything except Portable storage (which is blocked) and I create a new policy for IT that allows Portable storage, would I have to allow everything else in the IT Peripheral policy to ensure only IT can use Portable storage as well as the other types?  I think what I'm trying to ask is: are policies merged, or would they stop processing lower policies if they found a match in a higher policy?

Thanks

Tony



  • Hi  

    For the policies, the order in which you arrange them determines which is applied to specific users and devices. Sophos Central looks through the policies from the top down and applies the first policy it finds that applies to those users or devices, and hence the topmost assigned policy will be applied. It does not merge the policies. You may refer to this document. Also, there is an excellent example explained by QC in this post. Let us know if you have further concerns.

  • Another note, it is best to CLONE from the base policy to create your new ones from there. 

    Also, you can see the specific policies applied to an endpoint by clicking on Devices > [target computer] > Policies tab 

    This will show you the exact application for the machine.
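
The top-down, first-match behaviour and the clone-from-base advice described in the replies above, as an added example that is not part of the original thread and is not Sophos code. It is a simplified model: the user names, the "Lockdown" policy and every peripheral type other than portable storage are constructed for illustration.

```python
# Simplified model of first-match policy selection; constructed data, not Sophos code.
BASE = {"name": "Base Policy", "members": None,  # base applies to everyone
        "settings": {"portable_storage": "block", "optical": "allow",
                     "bluetooth": "allow", "wireless": "allow"}}

def clone(base, name, members, **changes):
    """Copy every base setting, then apply only the intended changes."""
    return {"name": name, "members": set(members),
            "settings": {**base["settings"], **changes}}

def effective_policy(user, ordered_policies, base=BASE):
    """Walk the list top down; the first policy assigned to the user wins.
    Nothing is merged, and the base policy applies only if nothing matches."""
    for policy in ordered_policies:
        if user in policy["members"]:
            return policy
    return base

def diff_from_base(policy, base=BASE):
    """Settings where a policy departs from base: {setting: (base, policy)}."""
    return {k: (v, policy["settings"][k])
            for k, v in base["settings"].items() if policy["settings"][k] != v}

# IT policy cloned from base: only portable storage differs.
IT_CLONE = clone(BASE, "IT Peripherals", {"alice"}, portable_storage="allow")
# A stricter policy that also lists alice, to show that order decides.
LOCKDOWN = clone(BASE, "Lockdown", {"alice", "carol"},
                 bluetooth="block", wireless="block")

def report(user, ordered_policies):
    """Return (policy name, full effective settings, drift from base)."""
    policy = effective_policy(user, ordered_policies)
    return policy["name"], policy["settings"], diff_from_base(policy)

if __name__ == "__main__":
    for order in ([IT_CLONE, LOCKDOWN], [LOCKDOWN, IT_CLONE]):
        print("order:", [p["name"] for p in order])
        for user in ("alice", "bob", "carol"):
            name, settings, drift = report(user, order)
            print(f"  {user}: {name} drift_from_base={drift}")
```

With "Lockdown" placed above the IT policy, alice loses portable storage access even though the IT policy allows it, because only the first matching policy's settings are used.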

     
