BestCrypt Data Shelter protection policies can be created and managed both in Jetico Central Manager and on client computers.

Before creating a policy, make sure you understand the policy structure described in Protection Policies and the access control logic described in Protection Rules.

There are two main ways to create a protection policy:

      1. Create a policy manually in JCM.
        A policy created in the JCM Console is called a Global Policy. Global Policies are centrally managed and can be applied to individual client computers or computer groups.

      2. Create or adjust a policy on a client computer and import it into JCM.
        A policy created or edited on a client computer is called a Local Policy. Local Policies can be useful when the administrator wants to build a policy based on the actual configuration or activity of a representative computer.

The interaction between Global Policies and Local Policies is explained later in this article. First, this section explains when to use each policy creation method.


Creating a Global Policy Manually

A Global Policy is created and managed in the JCM Console.

Use this method when you already know:

    • which folders must be protected;
    • which users should be allowed to access the protected data;
    • which applications should be allowed to access the protected data;

This is the standard central management workflow. The administrator creates the policy in JCM, defines the protected folders and protection rules, and then applies the policy to computers or computer groups.

For step-by-step instructions, see Creating a Global Policy Manually.

Importing a Policy from a Client Computer

Another way to start using a protection policy in JCM is to import a policy from a client computer.

This approach is useful when the administrator wants to build a policy from the actual configuration or activity of a representative computer instead of defining all folders, users, and applications manually in JCM.

On the client computer, BestCrypt Data Shelter can help create a Local Policy by:

    • scanning the protected folder and identifying programs associated with the file types found in that folder;
    • analyzing folder access history and detecting which programs actually access the protected data;
    • creating or adjusting the policy manually.

A Local Policy can also be adjusted after a Global Policy has already been applied to the client computer, if local policy editing is allowed.

After the policy is imported into JCM, it becomes a Global Policy. The imported policy can then be reviewed, adjusted, and applied to other client computers or computer groups.

For step-by-step instructions, see Importing a Policy from a Client Computer.

How Global and Local Policies Work Together

A Global Policy is the reusable policy object managed in JCM. It can contain generalized folder paths and application references so that the same policy can be applied to multiple client computers.

When a Global Policy is applied to a client computer, BestCrypt Data Shelter converts it into a Local Policy. The Local Policy reflects the actual folder paths and application locations on that computer.

For example, a Global Policy may include the following folder path:

C:\Users\*\Downloads\

On a specific client computer, this path may be resolved as:

C:\Users\Alice\Downloads\

JCM can display the Local Policy so that administrators can verify how the Global Policy was applied on that computer.

Importing a Local Policy back into JCM is most useful when the policy was created, adjusted, or refined on the client computer. After import, the Local Policy becomes a new Global Policy that can be reused for other client computers or computer groups.

Next Steps

To create a policy directly in JCM, continue with Creating a Global Policy Manually.

To create a policy from a real client computer configuration, continue with Importing a Policy from a Client Configuration.