There is a list of device types for which you can define
user-level permissions.
NOTE: When you set permissions for a device type, you set
these permissions for every device belonging to that type. It is
impossible to set different permissions for two different devices
if they are of the same type (e.g. both are removable drives). To
define different permissions for USB devices even if they are of
the same type, use theWhite List function.
There are two levels of control: the interface (port) level and
the type level. Some devices are checked at both levels, while
others only at the one level - either interface (port) or
type.
DeviceLock supports the following types of devices:
BlackBerry (type level) -
includes all BlackBerry devices with any type of connection
interface (USB, Bluetooth) to the computer.
Bluetooth (type level) -
includes all internal and external Bluetooth devices with any type
of the connection interface (USB, PCMCIA, etc.) to the
computer.
Clipboard - includes the
Windows Clipboard. DeviceLock controls paste operations for data
placed on the clipboard.
FireWire port (interface
level) - includes all devices that can be plugged into the FireWire
(IEEE 1394) port, except the hub devices.
Floppy (type level) -
includes all internal and external floppy drives with any
connection interface (IDE, USB, PCMCIA, etc.). It is possible that
some non-standard floppy drives are recognized by Windows as
removable devices, in this case DeviceLock treats such floppy
drives as the Removable type as well.
Hard disk (type level) -
includes all internal hard drives with any connection interface
(IDE, SATA, SCSI, etc). DeviceLock treats all external USB,
FireWire and PCMCIA hard drives as the Removable type. Also,
DeviceLock treats as Removable some internal hard drives
(usually SATA and SCSI) if they support the hot plug feature and
Windows is not installed and running on them.
NOTE: Even
if you deny access to the Hard disk type, users with local
administrative privileges (the SYSTEM user and members of the local
Administrators group) still can access the partition where Windows
is installed and running.
Infrared port (interface
level) - includes all devices that can be connected to the computer
via the infrared (IrDA) port.
iPhone (type level) -
includes all iPhone, iPod Touch, and iPad devices. DeviceLock
controls iPhone, iPod Touch, and iPad devices that are working with
a PC through the iTunes application or its API.
MTP (type level) - includes
all devices (such as Android smartphones, etc.) that are working
with a PC through the Media Transfer Protocol.
Optical Drive (type level) -
includes all internal and external CD/DVD/BD devices (readers and
writers) with any connection interface (IDE, SATA, USB, FireWire,
PCMCIA, etc).
Palm (type level) - includes
all Palm OS devices with any type of connection interface (USB,
COM, IrDA, Bluetooth, WiFi) to the computer. DeviceLock controls
Palm OS devices that are working with a PC through the HotSync
application.
Parallel port (interface
level) - includes all devices that can be connected to the computer
via the parallel (LPT) ports.
Printer - (type level) -
includes all local and network printers with any type of connection
interface (USB, LPT, Bluetooth, etc) to the computer. DeviceLock
can even optionally control virtual printers which do not send
documents to real devices, but instead print to files (e.g. PDF
converters).
Removable (type level) -
includes all internal and external devices with any connection
interface (USB, FireWire, PCMCIA, IDE, SATA, SCSI, etc) that are
recognized by Windows as removable devices (e.g. USB flash drives,
ZIP drives, card readers, magneto-optical drives, etc.). DeviceLock
treats all external USB, FireWire and PCMCIA hard drives as the
Removable type as well. Also, DeviceLock treats as
Removable some internal hard drives (usually SATA and SCSI)
if they support the hot plug feature and Windows is not installed
and running on them.
Serial port (interface
level) - includes all devices that can be connected to the computer
via the serial (COM) ports, including internal modems.
Tape (type level) - includes
all internal and external tape drives with any connection interface
(SCSI, USB, IDE, etc).
TS Devices (interface level)
- includes mapped drives (all hard, removable and optical drives),
serial ports, USB devices and the clipboard redirected from remote
terminals to virtual application or desktop sessions, as well as to
virtual desktops that run in the server host environment.
DeviceLock controls device, port and terminal clipboard
redirections via Microsoft RDP, Citrix ICA, VMware PCoIP,
HTML5/WebSockets remoting protocols in Microsoft RDS, Citrix
XenDesktop, Citrix XenApp, Citrix XenServer and VMware View
virtualization environments. In addition, for a guest Windows
system that runs in VMware Workstation, VMware Player, Oracle VM
VirtualBox or Windows Virtual PC virtualization solutions
DeviceLock controls data copy operations between its Windows
Clipboard and the clipboard of the host operating system.
USB port (interface level) -
includes all devices that can be plugged into the USB port, except
the hub devices.
WiFi (type level) - includes
all internal and external WiFi devices with any type of connection
interface (USB, PCMCIA, etc.) to the computer.
NOTE: Using
the WiFi type you can control user access to the hardware device
but not to the network.
Windows Mobile (type level)
- includes all Windows Mobile devices with any type of connection
interface (USB, COM, IrDA, Bluetooth, WiFi) to the computer.
DeviceLock controls Windows Mobile devices that are working with a
PC through the Windows Mobile Device Center (WMDC) or Microsoft
ActiveSync application or its API.
NOTE: You can define different online vs. offline
permissions for the same user or sets of users. Online permissions
(Regular Profile) apply to client computers that are working
online. Offline permissions (Offline Profile) apply to client
computers that are working offline. By default, DeviceLock works in
offline mode when the network cable is not connected to the client
computer. For more information on DeviceLock offline policies, see
"DeviceLock
Security Policies (Offline Profile)."
To set permissions for a device type, highlight it (use
Ctrl and/or Shift
to select several types simultaneously)
and select Set Permissions or Set Offline Permissions
from the context menu available by a right mouse click.
Alternatively, you can press the appropriate button on the
toolbar.
In DeviceLock Group Policy Manager and DeviceLock Service Settings
Editor, if you want to
reset online (regular) permissions to theunconfigured state,
select Undefine
from the context menu.
If you want to reset previously set offline permissions to the
unconfigured state, select Undefine
Offline from the context
menu. If offline
permissions are undefined, regular permissions are applied to
offline client computers.
In DeviceLock Group Policy Manager and DeviceLock Service Settings
Editor,
if you want to block the
inheritance of offline permissions and enforce regular permissions,
select Remove Offline from the context
menu.