4.0 Effective Policy

Disk Encryption policies can be assigned to devices and device folders. This means that a device could have both direct assignments (on the device) and inherited assignments (from its membership in folders). However, only one policy is the effective policy that is applied to the device.

The effective policy is determined by where the assignment occurs in the ZENworks management hierarchy, using the following order of precedence:

  1. Device

  2. Device Folder

In general, the policy “closest” to the device becomes the effective policy. This means that a policy assigned to the device precedes a policy assigned to one of the folders in which the device resides.

The order of precedence also takes into account that each level of the hierarchy includes multiple sublevels. For example, if a device resides in a subfolder of the Workstations root folder, it might inherit assignments from both folders. The following table expands the levels to show the complete order of precedence:

Level

Order of Precedence

Example

Details

Device

  1. First policy listed

  2. Second policy listed

  3. Third policy listed

  1. Policy B

  2. Policy A

When two or more Disk Encryption policies are assigned directly to the device, the effective policy is determined by which one is listed first (at the top) in the device’s Assigned Policies list in ZENworks Control Center.

In the example, Policy B is the effective policy because it precedes Policy A.

Folder

  1. Device folder

    1. First policy listed

    2. Second policy listed

  2. Parent folder

    1. First policy listed

    2. Second policy listed

  3. Root folder

    1. First policy listed

    2. Second policy listed

  1. Device Folder

    1. Policy I

    2. Policy H

  2. Parent Folder

    1. Policy K

  3. Root folder

    1. Policy R

    2. Policy S

When a device does not have a direct Disk Encryption policy assignment, it inherits its effective policy from the device folder structure.

The effective policy is determined by selecting the first policy in the Assigned Policies list of the folder closest to the device object.

In the example, the effective policy is Policy I because it is the first policy in the folder where the device resides. If the device’s folder did not have any Disk Encryption policy assignments, the effective policy would be Policy K.