Based on the account management choices you made in the last 2 stages, this panel shows a complete list of the ForestSafe Policy that will be automatically configured. If no configuration was made in the previous steps then only the Cancel button is enabled.
To understand what the Local Administrator and Domain Account Policy listed represents please refer to the Local Account Policy and Shared Account Policy in the reference section.
Please consider the 3 following statements:
1. The built-in Administrator account exists on EVERY Domain computer, both Servers and Workstations.
2. A Windows Domain is not secure until the built-in Administrator on ALL computers are managed.
3. The ForestSafe system automatically keeps up to date with additions, modifications and deletions of computer accounts from Active Directory.
Given these facts, the Host Name field in ForestSafe Policy on the Administrator account should always be set to *. This means that ALL hostnames will match this policy item, and this also refers to hosts that are added, and automatically detected, AFTER the ForestSafe Express system is deployed. (their hostnames are unknown)
Making a Host Name match to * means the Policy item is future proof.
On the other hand, some accounts may only exist on a small number of legacy computers, and have been removed from new builds. In this case is best that multiple Policy Items are created, one matching each hostname.
In this instance using * to apply policy to every local Administrator will create unnecessary network traffic.
The Discovery Wizard has a default Local Policy Balance of 3. If an account exists on more than 3 computers, a single * policy item is created. If the accounts is on less that 3 computers, policy items are created for each hostname as shown here:
The default value may not be the most efficient for your network, in which case it can be adjusted.
Consider in the example shown above, the 4 accounts Test, topcat, ibmadmin and taddmacc. Now they exist on less than 5 computers, and it is understood that these accounts are legacy accounts and not found in the default build. So to avoid unnecessary traffic, we should increase the slider to 5 as shown here:
Each invocation creates 4K of traffic per policy item per computer. This control allows you to balance between future proofing and creating unnecessary load on network and the system.
On fast networks, just slide the Local Policy balance to the maximum.
Instructions
To save your configured Policy
1. Check the Balance Local Policy Checkbox (optional)
2. Move the slider to balance the policy (optional)
3. Click Finish to Save your initial ForestSafe policy .