Policy groups

SafeGuard Enterprise policies can be combined in policy groups. A policy group may contain different policy types. In the SafeGuard Management Center, a Default policy group is available that is assigned to Root under Users and Computers by default.

If you put policies of the same type in a group, the settings are merged automatically. In this case, you can define priorities for using the settings. The settings of a policy with a higher priority overwrite the settings of a policy with a lower priority.

A defined policy setting will overwrite settings from other policies, if

  • the policy with that setting has a higher priority.

  • the policy setting has not been defined yet (not configured).

Note Overlapping policies assigned to a group might result in incorrect calculation of the priorities. Ensure that you use disjunctive policy settings.

Policy groups must always contain at least one policy. Policy groups with no content disrupt the use of other policies. Make sure that you use policy groups only if they also contain a policy.

Exception concerning device protection:

Policies for device protection are only merged, if they were defined for the same target (for example boot volume). If they are for different targets, the settings will be added.

Unmanaged endpoints

The most common reason for using policy groups is to use them for initial configuration of unmanaged Windows SafeGuard Enterprise endpoints.