Managing settings

Settings, also called “settings profiles” or simply “profiles”, offer administrators a simple way of establishing security and connectivity parameters for the computers managed through Advanced EDR.

Strategies for creating settings profiles

Administrators can create as many settings profiles with different settings as necessary to manage network security for different types of computers and devices. We recommend that you create separate settings profiles for groups of computers with similar protection needs.

  • Computers used by people with different levels of IT knowledge require different levels of permissiveness with respect to the running of software.

  • Users with different tasks to perform and therefore with different needs require settings that allow access to different resources.

  • Users who handle confidential or sensitive information require greater protection against threats and attempts to steal the organization’s intellectual property.

  • Computers in different offices require settings that allow them to connect to the Internet using a variety of communication infrastructures.

  • Critical servers require specific security settings.

Overview of assigning settings profiles to computers

In general, assigning settings profiles to computers is a four-step process:

  1. Creation of groups of similar computers or computers with identical connectivity and security requirements.

  2. Assigning computers to the corresponding groups.

  3. Assigning settings profiles to groups.

  4. Deployment of settings profiles to network computers.

All these operations are performed from the group tree, which is accessed from the Computers menu at the top of the console. The group tree is the main tool for assigning settings profiles quickly and to large groups of computers.

Therefore, administrators must put similar computers in the same group and create as many groups as there are different types of computers on the network.

For more information about the group tree and how to assign computers to groups, see The Computer tree panel.

Immediate deployment of settings profiles

After a settings profile is assigned to a group, it is applied to the computers in the group immediately and automatically, in accordance with the inheritance rules described in section Indirect assignment of settings profiles: the two rules of inheritance. These settings are applied to computers in just a few seconds.

For more information about how to disable the immediate deployment of settings profiles, see Configuring real-time communication.

Multi-level tree

In medium-sized and large organizations, there can be a wide range of settings profiles. To make it easier to manage large networks, Advanced EDR enables you to create multi-level group trees so that you can manage all computers on the network with sufficient flexibility.

Inheritance

In large networks, it is highly likely that the administrator wants to reuse existing settings profiles already assigned to groups higher up in the group tree. The inheritance feature enables you to assign a settings profile to a group, applying it automatically to all groups below it in order to save time.

Manual settings

To prevent settings profiles from being applied to all lower levels in the group tree, or to assign settings profiles different from the inherited ones to a certain computer on a branch of the tree, you can manually assign settings profiles to groups or individual computers.

Default settings

Initially, all computers in the group tree inherit the settings profile established for the All root node. This node comes with a series of default settings created in Advanced EDR with the purpose of protecting all computers from the outset, even before the administrator accesses the console to configure a security settings profile.