Creating a Deny Zone
Deny zones are evaluated first. If there is a device profile match (for example, if a certain file or registry key is
found on the device), the user is denied access and logged out.
To define a Deny zone
In the AMC, navigate to User Access > End Point Control.
The End Point Control page displays.
In the Zones and Profiles section, click Edit next to Zones.
The Zones and Profiles page displays.
Click the + (New) icon.
Select Deny zone from the dropdown list.
The Add Deny Zone page displays.
In the Name field, type a meaningful name for the zone (for example, Google Desktop present).
(Optional) In the Description field, type a descriptive comment about the zone.
In the All Profiles list, select the checkbox for any device profiles that you want to require in the zone, and then click the checkmark icon. (Only one of the profiles in the In Use list needs to match in order for the device to be placed in the Deny zone you are creating.)
For example, the device profile definition might require that the application
GoogleDesktop.exe is found on the device, the device is a match for the Deny zone you
named Google Desktop present, and the user is denied access and logged off.
- If there are no device profiles previously configured, click + (New) icon to add one. See Defining Device Profiles for a Zone for more information on creating profiles.
- At the Customization section at the bottom of the Zone Definition page, you can customize the message
that denied users see when they are logged out (for example,
Your system is running Google
which poses a security risk).
For information on how to copy or delete an EPC zone, see Adding, Editing, Copying, and Deleting Objects in AMC.
Was This Article Helpful?
Help us to improve our support portal