Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption

211

212

213

214

215

216

217

218

219

220

Manage Policies

204

Block

Alert monitors Office macros running in the environment.

Recommended for initi

al deployment.

Block allows Office macros

to run only from specific

folders. This should be used only after testing in Alert

mode.

Note:

Starting with Office 2013, macros are disabled by

default. Most of the time, users should not be required to

enable mac

ros to view the content of an Office document.

Del

l recommends enabling macros only for documents from

trusted users. Otherwise, macros should al

ways be

disa

bled.

PowerShell Alert

Alert

Block

Alert (default)

- Monitors PowerShell scripts running in

the

environment. Recommended for initial deployment.

lock -

Allow PowerShell scripts to run only from specific

folders. This should be used only aft

er testing in Alert

mode.

This policy does not apply to Mac clients.

PowerShell

Console

Allow

Block

Allo

w (default) - Allows the PowerShell v3 console to be

laun

ched.

Block

- Blocks the PowerShell v3 console from being

launched. Provides additional

security by protecting

aga

inst the use of PowerShell one-liners.

Note: If this policy is set to Block and you u

se a script

that launches the PowerShell console,

the script will

fail. It is recommended that users change their scripts to

invoke the PowerShel

l scripts, not the PowerShell console.

This policy applies only to PowerShell v3 and does not

apply to Mac clie

nts.

Enable Approve

Scripts in

Folders (and

Subfolders)

Not Selected

Selected

Not Selected

Allows scripts stored in specific folders to be

autom

atically approved to run. This policy must be

selected to use the Script Control Approve Scripts in

Folders (and Subfolders policy).

Approve Scripts

in Folders (and

Subfolders)

String

Folders specified in this policy are excluded from actions

perfo

rmed based on the Script Control policy. This

exclusion extends to subfolders of folders that are

specified wit

h this policy.

A folder must be specified using it

s relative

path. A path

may not include the drive letter. Example:

Cases\ScriptsAllowed

A spec

ified path may represent any of the following:

- local drive path

- mapped network drive path

- universal naming convention (UNC) path

Quarantine String

String

The value of this policy includes a collection of hashes for portable executable

that need to b

e automatically quarantined within the Endpoint Group or on

the specific Endpoint. This policy will force quara

ntine files based on a SHA256

hash of the specific

portable executable.