File-Based Policy Settings

The File-Based Policy Settings defines the behavior of File-Based Policy.

The default behavior is for the deviceTRUST agent to load File-Based Policy located within the deviceTRUST policy folder. This behavior can be customized to only load File-Based Policy imported into the policy folder by an authorized user, or to never load file-based policy.

The following controls are available:

Load all policy files from policy folder - When selected, any file located within the policy folder will be loaded.
Load policy files imported by one of the following accounts - When selected, only users within the Permitted Accounts can import File-Based Policy into the policy folder using the dtcmd tool. See Importing below.
Do not load policy from disk - When selected, policy files will not be imported from the policy folder. This option is only used when defined within a GPO.

Importing

When Load policy files imported by one of the following accounts has been enabled, only users within the Permitted Accounts can import File-Based Policy into the policy folder using the dtcmd tool.

Permitted users can import file-based policy using the following command:

dtcmd IMPORT /add:<filepath>

Permitted users can remove file-based policy using the following command:

dtcmd IMPORT /remove:<filepath>

Permitted users can remove all file-based policy using the following command:

dtcmd IMPORT /clear

For more information on deviceTRUST policy see Policy Loading

File-Based Policy Settings

Importing

We use cookies and Google Analytics to understand the use of this website. By knowing the pages you use most, we can better focus our efforts to enhance your documentation. See our Privacy Policy for details.