Skip to main content
Matrix42 Self-Service Help Center

Variants of product activation and their impact on permission profile

ID: 17121301
Languages: EN, DE
Components: EgoSecure Server, EgoSecure Agents
Operating system: Windows
 

Products (Licenses) can be activated either for users or for computers. When products are activated for the computer, the settings of the computer take effect, regardless of the rights for a user registered there. Activating products for computers is only useful for certain products or for computers where restrictions apply to all users without distinction.
Not all products can be activated on the computer and on the user. The following table describes where products of EgoSecure Data Protection can be activated.

Activated only for computers
Activated only for users
Activated on users and on computers
BitLocker Management
Green IT
EgoSecure Antivirus
Avira Antivirus Management
Inventory
Data Loss Prevention - Data at Rest
Cloud Storage Encryption
Local Folder Encryption
Network Share Encryption
Password Manager
Permanent Encryption
Secure Erase
Data Loss Prevention - Data in Use
Access Control
Secure Audit
Shadow Copy
Application Control
Removable Device Encryption
Insight Analysis
IntellAct Automation

EgoSecure verifies and prioritizes the permissions in the following order:

Priority 1: Computer rights
Products are activated on the used computer

Priority 2: User rights
Products are activated on the user

In the EgoSecure Data Protection Console define, which permissions are assigned to computers and users (known + unknown) and which permissions are applied to computers and users working in online or offline mode. It depends on the product activation how these permissions are applied.
When a user logs on to a computer, the currently valid permission profile is displayed in the User rights tab of the local EgoSecure Agent
In addition, the profile displays whether the user's computer is in online or offline mode. Offline mode means that the computer where the EgoSecure Agent is running has no connection to the EgoSecure Server.

Activating products for a computer or for a computer and a user

To apply the permissions to a computer and to all users who log on to this computer, activate the product for the computer. Regardless of the products and rights, assigned to this user, the settings are applied to the computer.
⇒ Permission profile displayed on the Agent: Computer rights

computer rights (1).jpg

In the following example the product Removable Device Encryption is activated for the computer:

computer settings (1).jpg

Every user registered on this computer can use the product with the settings set for the computer.

Activating products for a user

Once a product is activated for a user, this product can be used on every computer with installed EgoSecure Agent . Once the product is activated only for the user and not activated for the used computer, the settings assigned to the user take effect. This can be the default rights for users, group rights or individual device permissions.

a) A user can be assigned to a computer, for which he has special access rights. For this purpose, special access rights are applied to the assigned object. These computer-dependent access rights apply to the user if the Access Control product is activated for the user and not activated for the assigned computer.

In the example below, User_02 has no access to CD/DVD in general (1), but has full access to CD/DVD when he logs on to this computer (2).

combination access rights (1).jpg

Permission profile displayed on the Agent: User + computer rights

user+computer rights.jpg

b) If a user is not assigned to a computer, he has the same access rights on all available computers. If the Access Control product is activated for the user and not activated for the computer, the user-defined access rights are applied.
Permission profile displayed on the Agent: User rights

user rights (1).jpg

Failed activation

If the product activation failed for both a user and a computer, EgoSecure Data Protection will not run on the client.
The only exclusion is the Access Control module: users who are not in the directory service structure or new users of the directory who haven't been yet synchronized are managed as unknown users. For unknown users, no licenses are applied, but they get rights and restrictions defined for unknown users. These settings are configured in the Unknown users default profile.
Permission profile displayed on the Agent: Unknown user rights

unknown user rights.jpg

If the user of the directory service structure is known, the not activated profile is assigned. The user has no access restriction on devices.
Permission profile displayed on the Agent: User rights (User not activated)

user not activated (1).jpg