Policy Central Enterprise

Policy Central Enterprise

Summary: Enforcing the acceptable use of business computers is often a tricky business. This application helps manage an AUP (Acceptable Use Policy) by placing the onus on individual users.

TOPICS: Microsoft
Introduction | How we tested | PCE | Verdict

The main features of PCE are controlled on the PCE server via a Web console interface. This is served via IIS and is accessible locally or from a remote workstation. The console view is split up into different tabs which control all the various features of the app.

Summary page - what's happening within PCE
[Click to enlarge]
Summary page:
what's happening within PCE

Displays a summary of captured information: the most recent captures, users with the most captures against them, database statistics, top five Web sites and top five Web site users.

Allows you to administer desktop filtering -- which is essentially what happens on the client computer -- and how PCE responds. The client software can be set to run in active or stealth mode -- active mode places a -PC" logo in the system tray, but users can't interact with it. The policy statement can be made to show every time a workstation is turned on, or every time a user logs on (useful for public access machines).

When the client detects a violation, the default action is to take a screenshot and log the incident, but it can also display a violation warning screen or close the application window.

Configure what happens on each client, and what words to look out for
[Click to enlarge]
Configure what happens on each client,
and what words to look out for

The desktop library has a number of pre-defined words in various categories. You can increase or decrease each filter or turn it off completely, depending on the level of restriction you wish to apply.

The Disabled Word Library lets you put in specific words which are exempt from the desktop library. Even if it's a word which would otherwise have flagged a violation, once it's disabled it won't cause any action to be taken. Similarly, the Blocked Word Library lets you specify words which will flag a violation.

The last entry on this screen lets you set the policy for offline clients. Clients which can't communicate to the PCE server will either have the client disabled until they re-establish communication, or the client can continue to monitor violations, store them locally and then forward all the stored incidents to the server on re-connection.

This screen is similar to desktop filtering, but is specific to Internet activity. By default, PCE will log all Web sites visited as well as chat sessions within MSN Messenger 7.5, Yahoo Messenger 7.5, AOL Messenger 5.9 and AOL Triton 1.0. It also allows you to scan Internet activity and block URLs which fall into particular pre-defined categories, like pornography, gambling or Web mail.

Lock down your Internet access!
[Click to enlarge]
Lock down your Internet access!

You can also maintain a list of allowed and blocked sites (domain names) and apply those rules to either the currently selected group or globally across all groups. To be really restrictive, PCE has the ability to only allow access to a manually-defined list of sites, with all other sites blocked.

Finally, you can prevent the selected group from accessing the Internet during particular times. This is convenient if you have rigid work hours and wish to prevent employees accessing the Internet outside of this time, or if the users are school students.

Application management lets you add applications to a list. Each entry is subject to a policy acceptance requirement and/or time restrictions and can be applied to a single group or globally. You can also modify the text of the policy statement.

Allows you to be notified by e-mail when a violation takes place. You can specify how many captures are contained in each e-mail, and which addresses they are to be sent to.

Group Settings
Shows you the users contained in each user group, or each workstation contained in the workstation groups (viewed on the left-hand side of the screen). You can move users and workstations between groups, or add new users. Any user can have their rights revoked for a specified time, and you can browse their activity to date.

Lets you define various settings for the PCE application. You can set a maximum number of captures per user and whether the capture is done in black & white (faster) or colour (slower but more detail).

Active Directory synchronisation is set-up through this page -- enter in the domain/administrator details, and then you can pull AD groups or users into the PCE database. Existing computers or users won't be overwritten.

This is also the area to define the proxy server, SMTP server, cache server and time synchronisation. Additionally you can specify a redirection URL when a blocked URL is accessed. By default it's the Security Software Web site, but you can make it a descriptive internal page.

Console Users
By default there is one admin account for accessing the PCE console. Here you can change the default admin password and add more console users.

Create rich activity reports
[Click to enlarge]
Create rich activity reports

The log screen allows you to view logs from any and all events. The search criteria are quite flexible -- you can search on users, groups, machines, event types and time ranges.

The reporting feature gives you a rundown, based on the report criteria. You can generate Web, chat or capture reports, which can then be exported to Excel, Word, PDF, RTF or HTML.


There are currently no prices available for this product.

Topic: Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion