Policy-management vendor FullArmor Monday released software designed to extend policy enforcement to devices and machines that sporadically attach to a corporation’s network.

As more and more users begin to use policy to manage user access and privileges, those users are finding gaps in their policy enforcement. Full Armor’s Endpoint Policy Manager (EPM), which integrates with Active Directory and its Group Policy infrastructure, is targeted at closing those gaps so devices and computers coming into the network are subjected to the same policy controls as machines that are continuously connected.

“We found some dead spots where we don’t have any auditing or application of policy, whether it be no policy applied whatsoever, or the policy is applied once and not updated,” said a global IT manager for a pharmaceutical company who asked that his name and the name of the company not be revealed. The manager said policy enforcement is essential for the 100,000 devices on his network given heavy regulations in the pharmaceutical industry.

“We don’t want to take any chances. We need to be assured that policies are in place. One small slip could ultimately mean $30 million in lost revenue,” the manager says.

The manager says his evaluation of EPM includes interrogating devices as they come on the network to make sure policies are applied. If policies are absent, EPM applies the policies. If the policies are applied to guest machines, the software removes the policies from those machines before they log out.

The manager says he is also testing network access-control software, including Microsoft’s Network Access Protection slated to ship with Longhorn Server and Cisco’s Network Access Control software, but that something needs to be in place immediately.

FullArmor’s EPM works with remote desktops, laptops, mobile devices, and point-of-sale terminals. Policies are set based on a user’s role and/or state. For example, an authorized guest machine logging onto the network might find policy settings but no user settings, while an authorized user connecting via a Windows Mobile device might get user policies but not device policies.

The software’s auditing and reporting capabilities lets users search and correlate policy setting across all machines, verify that correct policies were applied and review exceptions.