Hi,
Quick question/suggestion on policies....
Is the "Base" policy essentially the "Sophos Recommended" at the time the user environment is created or is it subject to change over time?
Further to that, are all policies (user defined) subject to change by Sophos at any point?
I can imagine the scenario where a new option comes along which Sophos believes should be enabled. Will all the users pick this up on the next poll? If so, presumably I have no control over this or will it only go into Base, leaving me to define it in my policies for those users that match my polices not base? If this is the case, how would I know it now exists?
Would it not be better if the Base policy was "Sophos Recommended" which could be dynamically manipulated by Sophos as a live feed. User polices could optionally inherit this as the base. I would then only need to configure things specific to me, such as exclusions, scheduled scans, etc... and inherit the dynamic Sophos defaults of everything else.
If I didn't want new settings to be automatically deployed I would choose not to inherit the Sophos Recommended in my policies but to define all options.
Many products today detail if the managed software differs from the policy defined by the admin, which is fine. It would be as important to know (certainly for the admin) if the admin settings comply with the Sophos Recommended/best practice as over time things may change. Having a Sophos Recommended policy would allow the system to highlight which settings may require attention.
I hope that makes sense.
Regards,
Jak
Guest User!
You are not Sophos Staff.
