Endpoint policies galore


If you have a freshly installed UAG server in front of you, you might be considering which Endpoint policies to set for your applications. UAG comes with no fewer than 27 built-in predefined policies just for Windows computers (plus another 34 policies for Mac and Linux), but their names don’t always indicate what they actually do. You can find out by opening each one and reading its definition, but I’d like to save you some of that time. Here are all the policies and their default configurations:

Default Non Web Application Access

This policy contains the default “Any Anti Virus” policy, which requires the endpoint to have any AV product installed, updated and running. Any AV that is supported by the Windows Security Center (Action Center in Windows 7) would meet that sub-policy. In addition, this policy requires that the computer meets the certified endpoint policy, or the corporate machine policy, or the privileged endpoint policy, or has the endpoint cleanup component installed and running.

Default Privileged Endpoint

This policy requires that the computer meets the policies defined as “privileged endpoint” on the trunk.

Default Session Access

This policy has no requirements

Default Web Application Access

This policy has no requirements

Default Web Application Download

This policy requires that the computer meets the certified endpoint policy, or the corporate machine policy, or the privileged endpoint policy, or has the endpoint cleanup component installed and running.

Default Web Application Restricted Zone Access

This policy has no requirements

Default Web Application Upload

This policy contains the default “Any Anti Virus” policy, which requires the endpoint to have any AV product installed, updated and running.

Microsoft CRM 4 Upload

This policy has no requirements

Microsoft CRM 4 Download

This policy has no requirements

Microsoft CRM 4 Enhanced Security

This policy has no requirements

Microsoft OWA 2010 Download

This policy has no requirements

Microsoft OWA 2010 Upload

This policy has no requirements

Microsoft Office SharePoint Portal Server 2003 Admin Zones

This policy has no requirements

Microsoft Office SharePoint Portal Server 2003 Download

This policy has no requirements

Microsoft Office SharePoint Portal Server 2003 Enhanced Security

This policy has no requirements

Microsoft Office SharePoint Portal Server 2003 Upload Checkin

This policy has no requirements

Microsoft Office SharePoint Server 2007 Download

This policy has no requirements

Microsoft Office SharePoint Server 2007 Upload CheckIn

This policy has no requirements

Microsoft Office SharePoint Server 2007 Enable Explorer View

This policy has no requirements

Microsoft SharePoint Server 2010 Download

This policy has no requirements

Microsoft SharePoint Server 2010 Upload

This policy has no requirements

OWA Private Computer

This policy requires that the computer meets the policies defined as “privileged endpoint” on the trunk.

Microsoft OWA 2007 Download

This policy has no requirements

Microsoft OWA 2007 Upload

This policy has no requirements

Always

This policy has no requirements

Never

This policy is set to block all access

 

As you can see, most of the default policies do not actually have any requirements. They simply contain the text “true”, which means that the policy will evaluate to “pass” no matter what the endpoint parameters are.

If you’re asking yourself why there are so many policies when so many of them have no requirements or are identical, the answer is that the policies come in groups, and every top-level group has to have the full set. For example, the Default Web Application policy has to have the four sub-policies of Access, Upload, Download and Restricted Zone. Even though the Access and Restricted Zone policies are identical and have no requirements, we still have to have them to complete the Default Web Application policy.
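To see which of the defaults listed above actually gate anything, the following added example (not UAG code and not UAG's policy expression syntax) models the default policies as boolean functions and tries every combination of endpoint posture. The fact names such as `any_av` and `cleanup` are hypothetical labels for this sketch, and "privileged endpoint" is simplified to a single fact.

```python
from itertools import product

# Posture facts an endpoint can report. Hypothetical labels for this sketch,
# not UAG detection variable names.
FACTS = ("any_av", "certified", "corporate", "privileged", "cleanup")

def trusted_or_cleaned(p):
    # Certified endpoint OR corporate machine OR privileged endpoint
    # OR endpoint cleanup component installed and running.
    return p["certified"] or p["corporate"] or p["privileged"] or p["cleanup"]

# Defaults as described in the list above. Every application-specific policy
# (CRM, OWA 2007/2010, SharePoint) has no requirements, like "Always".
POLICIES = {
    "Default Non Web Application Access":
        lambda p: p["any_av"] and trusted_or_cleaned(p),
    "Default Privileged Endpoint": lambda p: p["privileged"],
    "Default Session Access": lambda p: True,
    "Default Web Application Access": lambda p: True,
    "Default Web Application Download": trusted_or_cleaned,
    "Default Web Application Restricted Zone Access": lambda p: True,
    "Default Web Application Upload": lambda p: p["any_av"],
    "OWA Private Computer": lambda p: p["privileged"],
    "Always": lambda p: True,
    "Never": lambda p: False,
}

def all_postures():
    """Yield every possible combination of posture facts (2**5 = 32)."""
    for bits in product((False, True), repeat=len(FACTS)):
        yield dict(zip(FACTS, bits))

def classify(policy):
    """Label a policy by its outcome across all possible endpoints."""
    outcomes = {bool(policy(p)) for p in all_postures()}
    if outcomes == {True}:
        return "always passes"
    if outcomes == {False}:
        return "always blocks"
    return "conditional"

def audit():
    """Map each policy name to its classification."""
    return {name: classify(fn) for name, fn in POLICIES.items()}

def evaluate(posture):
    """Evaluate all policies for one endpoint; unspecified facts are False."""
    full = dict.fromkeys(FACTS, False)
    full.update(posture)
    return {name: bool(fn(full)) for name, fn in POLICIES.items()}
```

Calling `audit()` separates the policies that enforce a posture check from the ones that only exist to complete a group, and `evaluate({"any_av": True})` shows an endpoint with antivirus alone passing Upload but failing Download.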

