Assigning Computer Policies

To apply a computer policy to many computers simultaneously:

1. In the Imprivata Admin Console, go to the Computers menu > Computers page.

2. Select the computers that will be subject to the policy. Use the Search for Computers tool to find the ones you need.

   You can view additional pages of the Computers list without losing your selections. Your selections are tracked and displayed with a counter at the top of the page.

3. Click the Change Policy button. The Change Policy dialog box opens.

4. Select Choose a policy and a policy for the selected computers.

5. Click Apply Policy. The change takes effect the next time each Imprivata agent contacts the Imprivata server.

Use computer policy assignment rules to assign a computer policy to existing computers, and to automatically assign a policy to computers added in the future.  Policy Assignment rules support up to:

• 500,000 Active Directory Security Groups

• 5,000 Active Directory Organizational Units

• 150,000 computers within OneSign

To automatically assign policies:

1. In the Imprivata Admin Console, go to Computers > Computer policy assignment.

2. At the top of the assignment pane, set a Site: location and Schedule: frequency to control how the rules run. This setting applies to all assignment rules.

3. Click Add New Rule.

4. Name the assignment rule, and select one of the following options:

   • Active directory groups — Select one or more groups to add. When you close the group selection window the rule displays the number of groups you chose.

   • Active directory OUs (Organizational Units) — Select one or more OUs to add. When you close the group selection window the rule displays the number of OUs you chose.

   • Computer IP address — Enter the range of IP addresses to include in this computer policy

   • Computer host name — A computer matches if its host name contains the text entered in this field

   • Imprivata agent type — Choose an agent type from the list

5. In the field Apply this computer policy, select a computer policy.

6. Click Save.

   Once you have created a rule you can leave it enabled, or set it to a disabled state using the button at the top of the rule pane.

   To reassign computer policies already assigned to computers, see To apply a computer policy to many computers simultaneously:.

Reordering Computer Policy Auto-Assignment

When there is more than one rule listed, computers are assigned the first policy for which they match the selection criterion. You can reorder the list of policy assignment rules. Drag and drop the rule box by the "gripper" on the left side and drop it above or below another rule.

Super Administrators can assign policies to many computers by importing a file that contains the usernames or hostnames and their desired policies. Computers and policies must already exist in the Imprivata database. The list can assign different policies to different computers.

To assign many computer policies simultaneously:

1. Create a CSV file listing all the policies to be assigned and the usernames or hostnames to which they will be assigned. The list must be in the following format:

   Version,1.0

   Policy,User or Policy,Hostname

   <VALUE>,username@domain or <VALUE>,hostname where VALUE is the exact name of the policy.

   The following image shows an example of a correctly formatted CSV file that assigns many user or computer policies simultaneously:

   

2. Go to the Computers menu > Computers page and click the Bulk Actions link. The Bulk Actions window opens.

3. Click Assign computer policies.

4. Browse to and upload the CSV file, then click Next. A preview is displayed, showing any errors such as usernames that do not match any name in the Imprivata database.

   NOTE: Policy names, usernames and host names that do not match Imprivata records are not processed; they do not cause the operation to fail.

5. Resolve any issues as needed, then click Go. The operation proceeds and the Computers page is regenerated.