Decide whether to change default user security attributes in the policy.conf(4) and the label_encodings(4) files. See "Managing Default User Security Attributes" for a description of the defaults.
Decide which startup files, if any, should be copied or linked from each user's minimum-label home directory SLD to the user's higher SLDs. See "To Set Up Startup Files for Users" for the procedure.
Decide whether to permit sourcing of shell initialization files and what content you want to provide. See "Managing Initialization Files".
Decide whether to allow users to remotely log in from the command line. Users who are permitted to remotely log in from the command line require a rights profile that contains the appropriate authorization. The machines themselves must also be enabled for remote login. See "Managing Remote Logins" for a discussion of remote logins.
Decide if users can access peripheral system devices, like the microphone, CD-ROM drive, and tape drive.
If access is permitted to some users, decide if your site requires additional authorizations to satisfy site security. See "Authorizing Device Allocation" for the default list of device-related authorizations. "Adding New Authorizations" describes a finer-grained set of device authorizations, and "To Add an Authorization to the Environment" describes how to implement the new authorizations.
Decide whether to control a device differently when it is allocated remotely or locally. See Table 12-2 for an example of handling remote and local device allocation differently. The example requires the Security Administrator to create new authorizations.