About policies

Applies To: Forefront Client Security

A Client Security policy is a collection of settings that you can apply to many client computers. You can create, modify, and delete policies using the Policy Management tab in the Client Security console.


Client Security supports policy management by only one instance of the console at a time.

Creating a policy does not enforce the policy's settings. To make the settings within a policy take effect on client computers, you must deploy the policy. Deployment is the process of specifying which computers the policy affects, deciding which deployment method to use, and using that method to apply the policy to the client computers.

Policy management

You must use the Policy Management tab on the Client Security console for all policy management. Using the Policy Management tab, you can create, edit, and delete policies.

Client Security does not support command-line management or third-party management of Client Security policies.

Deployment methods

The recommended method of deploying Client Security policies is Group Policy. Group Policy provides a mechanism for distributing Client Security policies to client computers.

If your organization does not use Group Policy, you can deploy Client Security policies as registry files. This method requires that you develop a means of making available to client computers the registry files that Client Security creates. It also requires that on every client computer to which you deploy a registry-file policy, you execute a small application. The application ensures that all registry settings are updated correctly when you deploy, redeploy, or undeploy a policy with this method.

For more information about policy deployment, see Deploying and undeploying policies.