The policies window displays each policy on the KeyServer, as well as a summary of current configuration and usage.
Policies are defined by administrators, in order to configure what happens with usage of programs within a product. A policy can have an action of Manage, Observe, or Deny. For a Manage Policy, it can impose usage limits and access restrictions on a product (which is comprised of a program or group of programs). Most importantly, a policy can enforce a purchased number of entitlements. However, policies can also restrict who uses products, when, and for how long.
A default policy (KeyVerify Policy) is created at installation. All other items in this window are defined and maintained strictly through KeyConfigure. Unlike the Computers, Programs, and Connected Clients Windows, items are never automatically added to the Policies window, regardless of user activity.
In many cases, a product will be associated with a single policy. Conversely, this policy will only apply to that one product. However, a product can be associated with multiple policies, and similarly, a policy can apply to multiple products. The most common reason to have two policies for a single product is to Manage the product for computers within a certain scope while Observing or Denying it on other computers. For more about Scope, see the Policy Details Window documentation.
In short, a policy can be thought of as a particular set of access and usage rules being applied to one or more items in the Products Window. When a user attempts to run a program which is part of a product, each policy which is associated with the product is used to determine whether the program launch will succeed.
The Display column on the left of the Policies window is used to restrict the policy list on the right to a selected subset. It is divided into four panels. Each one classifies the policy records on the right according to various attributes. Multiple check marks within the same panel increase the selection set - the conditions are OR'd together. Check marks in separate panels decrease the selection set - the conditions are AND'd together. Clicking on the double-check icon that appears between the Display column (left) and the Policy list column (right) will toggle between the current selection and all selected.
The columns in the right hand side of the Policies Window give you a simple overview of all policies. They show the most basic configuration options, as well as a summary of the current usage. Additional columns can be added to the Policies window by right-clicking a column header and selecting “Customize Columns”. Of the default columns, only Name applies to all Policies with all Actions. The rest are only used for Manage Policies.
One way to create a new policy is to drag a product from the Products Window into the Policies Window. You can also right-click in the Policies Window and select Create New Policy. Either way, you will be taken to the Policy Wizard, which will walk you through creation and configuration of a new policy. Alternatively, if you have entered information for the purchase of the product before adding a Policy to manage the policy, you can use the purchase record to create a new Policy according to the Rights & Conditions defined in the purchase record.
Most policy parameters are modified from the Policy Details Window (double click on a particular policy) but some drag actions are also supported.
Right-clicking on a Policy in the Policies window allows you to Reconcile or Edit ACL. Additionally, you will see a list of reports that can be run on that policy.
Right-clicking anywhere else in the policies window allows you to create a New Policy....
Policies in the Policies Window can be Dragged and Dropped into the policies list in the Policies pane of a product details window. This associates the product with the policy.