Policy Hierarchy

View in browser

Overview

This article covers the order of policies as they apply to your computers. The first policy that a file matches is the one that is processed and no further policies will be applied to that file.  

Application Control

1. Global - (Designed for MSPs) policies under the Global computer group will apply first to the parent organizations and all child organizations. Policies placed at this level will apply FIRST.
2. Global Group {GroupName} - (Designed for MSPs) policies under these groups will apply to any computers for the parent and child organizations that are a part of a computer group that matches the name after the "-" (e.g. policies under Global-Workstations will apply to all parent and child organizations in the Workstations groups). Policies placed at this level will apply SECOND.
3. Entire Organization - policies at this level will apply to all computers within the single organization being managed. Policies placed at this level will apply THIRD.
4. Computers {Hostname} - Located under the Computers section in the "Applies to" dropdown list under the Policies page, policies located here will apply to the single computer selected. Computer level policies will apply FOURTH.
5.  Computer Group {GroupName} - Located under the Groups section in the "Applies to" dropdown list under the Policies page, policies located here will apply to any computers under the selected group (e.g. policies under Workstations will apply to all computers in this organization installed under the Workstations group). Computer Group level policies will apply LAST.

At the bottom of each group (excluding Global and Template groups) is the "Default - {GroupName}" policy; this is the catchall policy responsible for denying unknown applications. The default policy is set to Request by default.  

Storage Control

The order is identical to Application Control, however, there is currently no Global option for Storage Control