Use the Session Recording Policy Console to create and activate policies that determine which sessions are recorded.
You can activate system policies available when Session Recording is installed or create and activate your own custom policies. Session Recording system policies apply a single rule to all users, published applications, and servers. Custom policies specifying which users, published applications, and servers are recorded.
The active policy determines which sessions are recorded. Only one policy is active at a time.
Session Recording provides these system policies:
System policies cannot be modified or deleted.
When you create your own policy, you make rules to specify which users and groups, published applications, and servers have their sessions recorded. A wizard within the Session Recording Policy Console helps you create rules. To obtain the list of published applications and servers, you must have the site administrator read permission. Configure that on this site's Delivery Controller.
For each rule you create, you specify a recording action and a rule criteria. The recording action applies to sessions that meet the rule criteria.
For each rule, choose one recording action:
For each rule, choose at least one of the following to create the rule criteria:
When you create more than one rule in a recording policy, some sessions may match the criteria for more than one rule. In these cases, the rule with the highest priority is applied to the session.
The recording action of a rule determines its priority:
Some sessions may not meet any rule criteria in a recording policy. For these sessions, the recording action of the policies fallback rule applies. The recording action of the fallback rule is always Do not record. The fallback rule cannot be modified or deleted.
Using Active Directory Groups
Session Recording allows you to use Active Directory groups when creating policies. Using Active Directory groups instead of individual users simplifies creation and management of rules and policies. For example, if users in your company’s finance department are contained in an Active Directory group named Finance, you can create a rule that applies to all members of this group by selecting the Finance group within the rules wizard when creating the rule.
White Listing Users
You can create Session Recording policies that ensure that the sessions of some users in your organization are never recorded. This is called white listing these users. White listing is useful for users who handle privacy-related information or when your organization does not want to record the sessions of a certain class of employees.
For example, if all managers in your company are members of an Active Directory group named Executive, you can ensure that these users’ sessions are never recorded by creating a rule that disables session recording for the Executive group. While the policy containing this rule is active, no sessions of members of the Executive group are recorded. The sessions of other members of your organization are sessions recorded based on other rules in the active policy.
Create a new policy
Modify a policy
Delete a policy
When you activate a policy, the previously active policy remains in effect until the user’s session ends; however, in some cases, the new policy takes effect when the file rolls over. Files roll over when they have reached the maximum size limit. For information on maximum file sizes for recordings, see Specify file size for recordings.
The following table details what happens when you apply a new policy while a session is being recorded and a rollover occurs:
|If the previous policy was:||And the new policy is:||After a rollover the policy will be:|
|Do not record||Any other policy||No change. The new policy takes effect only when the user logs on to a new session.|
|Record without notification||Do not record||Recording stops.|
|Record with notification||Recording continues and a notification message appears.|
|Record with notification||Do not record||Recording stops.|
|Record without notification||Recording continues. No message appears the next time a user logs on.|