EgoSecure GmbH
            Help Center Knowledge Base EN Basics

            Variants of product activation and their impact on permission profile

            ID: 17121301
            Languages: EN, DE
            Components: EgoSecure Server, EgoSecure Agents
            Operating system: Windows

            Products (Licenses) can be activated either for users or for computers. When products are activated for the computer, the settings of the computer take effect, regardless of the rights for a user registered there. Activating products for computers is only useful for certain products or for computers where restrictions apply to all users without distinction.
            Not all products can be activated on the computer and on the user. The following table describes where products of EgoSecure Data Protection can be activated.

            Activated only for computers
            Activated only for users
            Activated on users and on computers
            BitLocker
            Green IT
            Antivirus
            Inventory
            Cloud Encryption
            Folder Encryption
            Networkshare Encryption
            Password Manager
            Permanent Encryption
            Secure Erase
            Data Loss Prevention
            Access Control
            Application Control
            Device Encryption
            Insight
            IntellAct

            EgoSecure verifies and prioritizes the permissions in the following order:

            Priority 1: Computer rights
            Products are activated on the used computer
            Priority 2: User rights
            Products are activated on the user

            In the EgoSecure Data Protection Console define, which permissions are assigned to computers and users (known + unknown) and which permissions are applied to computers and users working in online or offline mode. It depends on the product activation how these permissions are applied.
            When a user logs on to a computer, the currently valid permission profile is displayed in the User rights tab of the local EgoSecure Agent .
            In addition, the profile displays whether the user's computer is in online or offline mode. Offline mode means that the computer where the EgoSecure Agent is running has no connection to the EgoSecure Server .

            1. Activating products for a computer or for a computer and a user
            To apply the permissions to a computer and to all users who log on to this computer, activate the product for the computer. Regardless of the products and rights, assigned to this user, the settings are applied to the computer.
            ⇒ Permission profile displayed on the Agent: Computer rights

            In the following example the product Device Encryption is activated for the computer:

            Every user registered on this computer can use the product with the settings set for the computer.

            2. Activating products for a user
            Once a product is activated for a user, this product can be used on every computer with installed EgoSecure Agent . Once the product is activated only for the user and not activated for the used computer, the settings assigned to the user take effect. This can be the default rights for users, group rights or individual device permissions.

            a) A user can be assigned to a computer, for which he has special access rights. For this purpose, special access rights are applied to the assigned object. These computer-dependent access rights apply to the user if the Access Control product is activated for the user and not activated for the assigned computer.

            In the example below, User_02 has no access to CD/DVD in general (1), but has full access to CD/DVD when he logs on to this computer (2).

            Permission profile displayed on the Agent: User + computer rights


            b) If a user is not assigned to a computer, he has the same access rights on all available computers. If the Access Control product is activated for the user and not activated for the computer, the user-defined access rights are applied.
            Permission profile displayed on the Agent: User rights


            3. Failed activation
            If the product activation failed for both a user and a computer, EgoSecure Data Protection will not run on the client.
            The only exclusion is the Access Control module: users who are not in the directory service structure or new users of the directory who haven't been yet synchronized are managed as unknown users. For unknown users, no licenses are applied, but they get rights and restrictions defined for unknown users. These settings are configured in the Unknown users default profile.
            Permission profile displayed on the Agent : Unknown user rights


            If the user of the directory service structure is known, the not activated profile is assigned. The user has no access restriction on devices.
            Permission profile displayed on the Agent : User rights (User not activated)



            Updated: 09 Jul 2018 01:17 PM
            Helpful?  
            Help us to make this article better
            0 0