Topic
This article explains Agent control policies in ControlOne.
Environment
- Cytracom ControlOne
Description
Agent control policies are part of ControlOne's always-on security. They let you specify the permissions your users have when interacting with the ControlOne Agent.
Navigating to Agent control polices
1. In the ControlOne portal, click Zero Trust in the left-hand navigation bar.
2. Click the Agent Control Policies option at the top of the screen.
Adding an Agent control policy
1. Click the Add New button at the top of the screen.
2. A dialog box will appear. Name your policy and click the Create button.
You can see the new policy in the center of the screen.
This view shows current policy settings, including:
- The number of zones protected
- Restrictions on disconnecting or pausing the Agent
- Restrictions on displaying the ControlOne GUI on login to the OS
- Whether users can enable or disable WiFi Protection
- Background Connect Control status when the GUI quits
Setting Agent Control Policy
If you have a single policy in place you will see the policy options on the right-hand side of the screen. If you have multiple policies in place, click the policy you wish to configure to bring up its options.
Here, you can configure the following options:
1. Connection control: Specify whether users can disconnect or pause the Agent.
2. GUI Launch Control: Choose whether the system will launch the Agent's GUI on login to the OS. Click the Allow User Control slider to enable users to affect this setting.
3. WiFi Protection: This setting adds a policy to the host firewall that blocks unsolicited inbound traffic. Click the Allow User Control slider to enable users to affect this setting.
4. Background Connect Control: This setting lets you decide if ControlOne will stay connected when the GUI quits. Click the Allow User Control slider to enable users to affect this setting.
5. Account Control: This setting lets you decide if users can log out of the agent.
6. Exempt Users: Click the Manage link to designate users as Exempt from overall Agent control policy. Exempt users can perform functions like logging out of the Agent even if you've set Account Control to "User cannot log out."
7. Exempt Devices: Click the Manage link to designate the devices with which users connect as exempt from the Agent control policy.
8. Protected Zones: Click the Manage link to designate the protected zones.