Planning Computer Policies

Computer policies allow you to set different security parameters for different computers. You create and manage computer policies from the Computer policies page (Computers menu > Computer policies option). The Computer policies page and procedures for creating computer policies are detailed in Creating and Managing Computer Policies.

This topic describes some common types of computer policies.

Computer policies for single-user computers:

  • Use Windows desktop authentication for a single user.

  • Do not support fast user switching.

Computer policies for multiple desktop workstations:

  • Enable a single-user computer to support multiple users with their own desktops.

  • Display the currently logged-in username to help users know when to force a user switch.

  • Are compatible with Citrix and other terminal servers running the Imprivata Citrix or Terminal Server agent.

Computer policies for shared kiosk workstations:

  • Display the currently logged-in username so users know when to force a user switch.

  • Are compatible with Citrix and other terminal servers running theImprivata Citrix or Terminal Server agent.

  • Use features on the Authentication tab > Primary factors section, Proximity card option > Options link to improve speed of authentication for busy users.

  • Use features on the Shared Workstation tab of the computer policy to protect data while facilitating user switching.

Computer policies for terminal servers (including Citrix servers):

  • Support fast Citrix user switching if ticket authentication is enabled.

  • Allow fast Citrix user switching even for users who access the terminal server from a computer with no Imprivata agent.

  • Are not typically used for any other type of computer.

Your environment may require computer policies for agentless endpoints. In this case the Imprivata agent is installed on the Citrix or VMware server, or other analogous broker. For example:

  • A Citrix Workspace app accessing a Citrix XenDesktop on a Citrix XD Server where the Imprivata agent is installed.

  • A VMware Horizon client accessing a desktop configured to use the PCoIP protocol, where the View desktop has the Imprivata agent installed.

To create a computer policy for agentless endpoints:

  1. Ensure that the Imprivata agent is installed on the broker for the endpoints.

  2. Create the policy you want to apply to the agentless endpoints. See Creating and Managing Computer Policies for details.

  3. Log into each endpoint and access a hosted resource. This allows the Imprivata Server to recognize the endpoint and create an entry for it in the Admin Console computer list.

  4. Apply the policy:

    1. In the Imprivata Admin Console, go to the Computers menu > Computers page.

    2. Sort the computer list by agent type to find agentless endpoints - those with no entry in the agent type field.

    3. Select the computers you want, and click the Change Policy button.

    4. Select Choose a policy and a policy for the selected computers.

    5. Click Apply Policy. The change takes effect the next time each Imprivata agent contacts the Imprivata server.