How to Use Policy Attributes, Modes, and Actions in AnySecura | User Guide
Welcome! This guide will help you master the core components of an AnySecura policy, starting with the essential attributes that define its scope and priority. You'll learn how to set a policy's level, schedule its active time, and apply it to specific conditions.
Building on that foundation, you'll then see how to choose the right mode to control access and select accompanying actions for enforcement. This knowledge lets you craft precise rules that balance security with productivity across your network.
Administrators can use policies to restrict client access to computers and networks, ensuring proper usage and improving productivity.
Common Policy Attributes
Policies include multiple attributes. Among them, some are common across all policy types and share the same meaning.
| Attribute | Description |
|---|---|
| Name | A user-defined description of the policy. It has no impact on execution. When adding a new policy, the console generates a default name, which administrators can modify. |
| Policy Level | Defines the priority of execution: Normal, High, or Critical. When policies of the same type overlap, execution follows the order: Critical > High > Normal. Note that user policies always take precedence over computer policies, regardless of level. |
| Time | Specifies when the policy is active. By default, it applies all day. Administrators can choose a predefined time type (configured in Category Management → Time Types) or define a custom time range directly. |
| Mode | Determines the action taken when policy conditions are met: Block, Allow, Ignore, or No Action. (See section on modes for details.) |
| Action | Specifies additional responses triggered with the policy, including Alert, Warning, or Computer Lock. These can be applied individually or in combination. (See section on actions for details.) |
| Expiration | Defines when the policy ends. By default, policies are set to Always Active. To set an expiration, enable the option and specify a valid time (later than the current system time). Expired policies are displayed in dark grey with the expiration date shown in red. |
| Offline Only | Determines whether the policy applies only when the client cannot connect to the server (e.g., due to business travel, working from home, or network issues). If unchecked, the policy remains active at all times. |
| Advanced Conditions | Allows policies to be applied only under certain system or device conditions (e.g., OS type, device category). Conditions can be set directly through an expression or selected from the predefined Condition Library in Category Management. |
Note:
- 1. Advanced conditions are supported only by certain policies. Unsupported ones display <None> and cannot be modified.
- 2. For details on condition syntax and best practices, see Category Management → Condition Library.
Policy Modes
Policies can operate in four different modes: Allow, Deny, Ignore, and No Action.
| Mode | Description |
|---|---|
| Allow | Permits the specified operation. Once a policy matches this mode, the action is allowed and no further policies are evaluated. |
| Block | Blocks the specified operation. Once a policy matches this mode, the action is denied and no further policies are evaluated. |
| Ignore | Neither explicitly allows nor denies the operation. The policy actions (e.g., alerts, warnings) are executed, but evaluation continues with subsequent policies to determine whether the operation is ultimately allowed or denied. |
| No Action | Neither allows nor denies the operation, typically used in basic or device-specific policies. Once matched, the system takes no allow/deny decision and does not evaluate further policies. |
Note:
- Some policies may define actions beyond these four modes. Their specific behavior is explained in the corresponding policy sections.
Policy Actions
When a client machine triggers a policy, corresponding actions can be executed. Available actions include Alert, Warning, Lock Computer, and Record Screen.
| Action | Description |
|---|---|
| Alert | Sends an alert from the client to the server. The console displays a pop-up notification to inform administrators, and the alert is also recorded in the policy log. Administrators can configure whether alert bubbles appear via Tools → Options → Real-Time Alerts → Bubble Settings, and view active alerts under Tools → Alerts. Alerts can be set to three severity levels: Low, Important, and Critical. |
| Warning | Displays a dialog box on the client, notifying the user that a restricted action was attempted. Administrators can customize the warning message shown to end users. |
| Lock Computer | Automatically locks the client machine, preventing any further operations by the user. Administrators can unlock the machine via Console → Control → Unlock. |
| Record Screen | Captures the client's screen immediately when a policy is triggered. By default, three screenshots are taken at two-second intervals. Captured images can be reviewed under Screen History. |
Policy Matching Priority
Policies follow a firewall-like matching mechanism. Each policy set may contain multiple rules, evaluated in order. The first matching rule is applied. In addition, each object automatically inherits policies from its parent object.
Administrators can define policies at multiple levels: network, group, computer, and user. Objects with assigned policies are marked with a red flag icon"
". The priority of policy matching, from highest to lowest, is: User Policy → User Role Policy → User Group Policy → User Group Role Policy → Computer Policy → Computer Role Policy → Computer Group Policy → Computer Group Role Policy
Inherited policies from parent groups are displayed with a light green background and cannot be modified. For string-based policy fields, wildcards are supported. Multiple values can be entered, separated by a semicolon (";") or comma (",").
Policy Icon Guide
| Icon Button | Description |
|---|---|
 |
New:Click to add a new policy. |
 |
Move Up:Moves the selected policy up one position. |
 |
Move Down:Moves the selected policy down one position. |
 |
Delete:Deletes the selected policy. |
 |
Restore:Cancels a new or modified policy. |
 |
Save:Saves the policy. Changes take effect only after saving. |
 |
Allow:Indicates the policy mode is Allow. |
 |
Deny:Indicates the policy mode is Deny. |
 |
Ignore:Indicates the policy mode is Ignore. |
 |
No Action:Indicates the policy mode is No Action. |
 |
Alert:The policy triggers an alert. |
 |
Warning:The policy triggers a warning. |
 |
Lock Computer:The policy locks the client computer. |
 |
Expiration:The policy has a set expiration time. |