Components: EgoSecure Server, EgoSecure Agents
Operating system: Windows
Products (Licenses) can be activated either for users or for computers. When products are activated for the computer, the settings of the computer take effect, regardless of the rights for a user registered there. Activating products for computers is only useful for certain products or for computers where restrictions apply to all users without distinction.
Not all products can be activated on the computer and on the user. The following table describes where products of EgoSecure Data Protection can be activated.
Activated only for computers
Activated only for users
Activated on users and on computers
Data Loss Prevention
EgoSecure verifies and prioritizes the permissions in the following order:
Priority 1: Computer rights
Products are activated on the used computer
Priority 2: User rights
Products are activated on the user
In the EgoSecure Data Protection Console define, which permissions are assigned to computers and users (known + unknown) and which permissions are applied to computers and users working in online or offline mode. It depends on the product activation how these permissions are applied.
When a user logs
on to a computer, the currently valid permission profile is displayed in the User rights tab of the local EgoSecure Agent .
In addition, the profile displays whether the user's computer is in online or
offline mode. Offline mode means that the computer where the EgoSecure Agent is running has no
connection to the EgoSecure Server .
1. Activating products for a computer or for a computer and a user
To apply the permissions to a computer and to all users who log on to this computer, activate the product for the computer. Regardless of the products and rights, assigned to this user, the settings are applied to the computer.
⇒ Permission profile displayed on the Agent: Computer rights
In the following example the product Device Encryption is activated for the computer:
Every user registered on this computer can use the product with the settings set for the computer.
2. Activating products for a user
Once a product is activated for a user, this product can be used on every computer with installed EgoSecure Agent . Once the product is activated only for the user and not activated for the used computer, the settings assigned to the user take effect. This can be the default rights for users, group rights or individual device permissions.
a) A user can be assigned to a computer, for which he has special access rights. For this purpose, special access rights are applied to the assigned object. These computer-dependent access rights apply to the user if the Access Control product is activated for the user and not
activated for the assigned computer.
In the example below, User_02 has no access to CD/DVD in general (1), but has full access to CD/DVD when he logs on to this computer (2).
⇒ Permission profile displayed on the Agent: User + computer rights
If a user is not assigned to a computer, he has the same access rights on all available computers. If the Access Control product is activated for the user and not activated for the computer, the user-defined access rights are applied.
⇒ Permission profile displayed on the Agent: User rights
If the product activation failed for both a user and a computer, EgoSecure Data Protection will not run on the client.
The only exclusion is the Access Control module:
users who are not in the directory service structure or new users of the directory who haven't been yet synchronized are managed as unknown users. For unknown users, no licenses are applied, but they get rights and restrictions defined for unknown users. These settings are configured in the Unknown users default profile.
⇒ Permission profile displayed on the Agent : Unknown user rights
If the user of the directory service structure is known, the not activated profile is assigned. The user has no access restriction on devices.
⇒ Permission profile displayed on the Agent : User rights (User not activated)