Working with policies

Enforce policies

Enforce a policy on one or more computer groups for which you have management rights that you have defined in the ADMINISTRATION section of Tanium™ Console. See Tanium Platform User Guide: Managing Computer Groups for more information about creating and managing computer groups. Manual computer groups are not supported by Protect.

  1. Under Enforcements, click Add Enforcement.
  2. Under Create New Enforcement, select the target computer group from the Computer Group list.
  3. Click Enforce.
  4. In the Confirm Enforcement window, enter your password and click Confirm.

If you are using a Common Access Card (CAC), check the Proceed with enforcement of this policy to endpoints box and click Confirm to enforce the policy.

Remove a policy enforcement

  1. Under Enforcements for this Policy, click the delete next to the enforcement you want to remove.
  2. On the next window, enter your password and click Confirm.

If you are using a Common Access Card (CAC), check the Proceed with deletion of this enforcement of this policy on target group “XXXX” box (where XXXX is the name of the target Computer Group) and click Confirm to remove the policy enforcement.

View policies

Select Policies in the left navigation to view all created policies.

Click on a policy to see the configuration of that policy, the number of enforcements, which user created the policy, and when the user created it.

Use the Type and Enforcement Status drop-down menus under Filter Results to see policies of each type.

Prioritize policies

All policies are exclusive, meaning that only one policy of each type can be in effect on an endpoint at a given time. When multiple policies with the same exclusive rule type are enforced against a particular endpoint, Protect must resolve the conflict to decide which policy will be applied.

If an endpoint is enforced with two or more policies of the same type, only the highest priority policy will be applied. Lower priority policies will not be enforced.

Set the prioritization of policies to determine which policy will be applied if a conflict exists.

  1. On the Policies page, select Prioritize.
  2. In the Conflict Resolution Policy column, edit the number to reprioritize a policy. Protect will automatically adjust the numbers next to the other policies and reorder the list by priority.
  3. Click Save to save your new policy prioritization order.
  4. On the Confirm Update of Conflict Resolution Priorities window, enter your password and click Confirm.

If you are using a Common Access Card (CAC), check the Proceed with update of conflict resolution priorities box and click Confirm to enforce the policy.

View policy details

Click a policy to view the Policy Details including all rules associated with that policy.

You can also see details for all Enforcements for this Policy.

Select Add Enforcement to add a computer group to the enforcements.

If you see any Online Partially Enforced Assets or Online Unenforced Assets on the Protect Home page, you should go to Policies and Computer Groups in the left navigation to determine which policies are not being enforced and which computer groups are unenforced.

Last updated: 5/23/2018 10:30 AM | Feedback