A policy is a collection of application settings that are specified for an administration group. A policy does not define all application settings.
Multiple policies with different values can be configured for a single application. However, there can be only one active policy for an application at a time within an administration group.
You can activate a disabled policy upon the occurrence of a certain event. This means, for example, that you can enforce stricter anti-virus protection settings during virus outbreaks.
An application can run under different settings for different administration groups. Each group can have its own policy for an application.
The application settings are a combination of the policy settings and the task settings.
Nested groups and slave Administration Servers inherit policies from groups that belong to higher levels in the hierarchy.
You can find the Inherit settings from parent policy option in the Settings inheritance subsection of the General section in the properties window of an inherited policy. You can disable inheritance from a parent policy at any time, if this setting is not locked in an upper-level policy.
In the Application settings sections, you can lock settings that you do not want changed in child policies. Each setting represented in a policy has a lock symbol: . The "lock" shows whether settings of the policy can be modified in lower-level policies of the hierarchy levels (for nested groups and slave Administration Servers). If the lock is applied to a setting in a policy for a group, you cannot redefine the value of this setting for subgroups of this group.
You can also create a special policy for out-of-office users. This policy takes effect on a device when the device shifts into out-of-office mode. Out-of-office policies do not affect other policies through the hierarchy of administration groups.