Well, the point is to set the particular settings as a convenience to our employees (such as allowed ports for a lot of the tools we use internally, Synergy for example, exclude certain paths from scanning, Visual Studio paths, source and binary paths on developer machines etc) so they don't all have to do it themselves when we roll it out using the Agent. But, as they are all Administrators and we trust their judgement, we still want these settings to be editable, as they may have their own special needs. So "don't set the said settings" is a bit of a "cop out" in my opinion. If I don't set the setting in the policy (to avoid the padlock), I will have to either instruct all the employees how to apply the various settings themselves, or do it myself X number of times.. Surely there must be a way to apply a setting without restricting it?
We just switched over to ERA 6 + Endpoint Security 6.x, and I'm having some issues with the new Policy Manager. I simply want to set up a configuration default which is reasonable for our company, but still allow end-clients to modify their settings. The problem is, if I create my own policy, tweak the settings, then apply it to the Static Group "All", the configuration is applied, but those settings are also turned to "Read-Only" on the client side. How do I make the ERA apply policies on clients without turning the setting read-only? The built-in policies don't seem to make their settings Read-Only? Unfortunately hxxp://help.eset.com/test/era_admin/6/en-US/index.html?admin_pol_policies_wizard.htm hxxp://help.eset.com/test/era_admin/6/en-US/index.html?amin_pol_assign_policy_to_group.htm hxxp://help.eset.com/test/era_admin/6/en-US/index.html?admin_pol_flags.htm don't mention anything about Read-Only settings. Any ideas? I need to set Trusted Zones, Excluded Paths, a few firewall rules without locking it all down. Thanks! -- .marius