{"id":15336,"date":"2018-06-05T08:00:50","date_gmt":"2018-06-05T14:00:50","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?p=15336"},"modified":"2023-06-13T18:10:06","modified_gmt":"2023-06-13T22:10:06","slug":"how-jumpcloud-policies-work","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/how-jumpcloud-policies-work","title":{"rendered":"How Policies with 探花大神 Work"},"content":{"rendered":"\n

Group Policy Objects (GPOs) have been a mainstay in IT for about two decades now. These policies grant intricate control over Windows machines, and are a critical tool that many admins rely on for compliance and security. As the world moves into cross-platform and cloud environments, however, GPOs are starting to lose effectiveness. They simply weren\u2019t created to function outside of an on-prem Microsoft\u00ae environment. That is why 探花大神 introduced our Policies feature.<\/p>\n\n\n\n

In the 探花大神 world, Policies give admins a point-and-click method to configure the behavior of machines, no matter the platform or where they live. This means that remote workers and Mac, Linux, and Windows\u00ae systems can all be controlled with ease. The concept gives admins access to a cross-platform GPO-like tool set that they can use to step up security and achieve compliance. But how exactly does it work? In this post, we will give an overview of how policies with 探花大神 work to help admins control systems.<\/p>\n\n\n\n

For support documentation, visit\u00a0Getting Started: Policies.<\/p>\n\n\n\n

How 探花大神\u2019s Policies Work<\/h2>\n\n\n

探花大神 Policies are designed to work as simply and straightforwardly as possible \u2013 with no coding required.<\/p>\n\n\n\n

It all starts with the 探花大神 Agent, which is located on each 探花大神-managed machine. This agent is lightweight client code that you install or mass distribute to the endpoints you want to govern, and it allows for user account access management, logging of successful and failed login events, MFA, command execution, Policies, and more.<\/p>\n\n\n\n

The agent communicates with 探花大神 on a 60-second interval, constantly checking back to see if there are any updates that need to be pushed out to the system it\u2019s installed on. If a change does come through, the agent is able to make the change on the system and report back to the platform once complete. Once you have the agent installed on your machines, you can begin managing systems either individually or en masse using the 探花大神 Groups feature.<\/p>\n\n\n\n

The Groups feature is the key to implementing Policies across a large number of systems. Groups can be used to communicate Policies and access management to all systems within the group. Essentially, you add users and systems to a group, and from there you can add Policies, Applications, Commands, and more to the group. Then, each User and System in the group is given access to those apps and is controlled by those Policies and Commands.<\/p>\n\n\n\n

Implementing Policies<\/h2>\n\n\n\n

Now that the framework is understood, we can discuss how it functions in 探花大神 Directory-as-a-Service\u00ae (DaaS).<\/p>\n\n\n\n

For example, let\u2019s say that we create a group for all of the sales team, and then bundle a bunch of Windows and Mac systems inside of the group. This group can now have policies targeted at it by admins. In the Policies tab, you can find a number of premade options that are all available \u201cout of the box.\u201d For example, if you want to create your own instance of a screen saver lock, you can select that policy out of the library. Then, you can customize the screen saver lockout time to whatever amount you want, and bind the policy to the sales team system group. Just like that, you have a group-based policy enforced over systems in your organization. Each system within that sales group will have the policy pushed out to it.<\/p>\n\n\n\n

But what if an end user tries to make a modification to their settings that violates one of those policies? 探花大神 controls the user interface and can block users from modifying any settings on Mac or Windows, so it is possible to prevent any attempts. However, if they were somehow able to find a workaround and then change one of their settings, it wouldn\u2019t last for long. The intelligence of our system will overwrite any changes by the user within 90 seconds. This ensures that your policies are resilient.<\/p>\n\n\n\n

The final question to look at is how the policies get communicated to the end user\u2019s system. One interesting aspect of 探花大神 (DaaS) is that no VPN is required to communicate with remote systems. Our agent calls back to the DaaS platform over a channel secured with mutual TLS. The agent exclusively makes outbound calls from the endpoint, so there is no inbound signal for an attacker to impersonate. This way, policies are received and communicated easily without needing to connect through VPN or sign in to the domain. The result is a resilient agent that applies changes on the endpoint every 60 seconds.<\/p>\n\n\n\n

Try out 探花大神\u2019s Policies Feature for Yourself<\/h2>\n\n\n\n
\n