Device Control Settings
The 'Device Control Settings' section allows you to configure which types of external devices are allowed to connect to an endpoint. Device Control Settings can also be configured as part of an ITSM profile.
- To open device control, click: Tasks > Advanced Tasks > Open Advanced Settings > Security Settings > Advanced Protection > Device Control:
- Enable Device Control - Enable or disable device control functionality. If enabled you should specify banned device types in the 'Blocked Devices' section (Default = Enabled)
- Log Detected Devices – If enabled, CCS will log events by external devices (Default = Disabled)
- Show Notifications when devices are being disabled or enabled - Will show an alert whenever an external device is connected or disconnected. (Default = Disabled)
- Blocked Devices – Lists external device classes which are not allowed to connect to the endpoint. Example classes include 'USB Storage Devices', 'CD/DVD Drives', 'BlueTooth Devices' and 'Firewire Devices'.
- Exclusions – Allows you to add specific devices which are exceptions to a blocked class. For example, if you wish block the class 'USB Devices' but wish to allow access for your company's authentication tokens, then you should add those USB tokens as exceptions.
General Navigation:
Clicking the handle at the bottom of the interface opens the following controls:
- Add - Allows the user to Add a new device or device class.
- Remove – Deletes the selected device or device class.
- Click 'OK' to save your settings.
To block a device class and specify exceptions:
- Click the handle at the bottom of the interface and then click the 'Add' button.
- This will open the 'Select device classes' screen:
-
Choose the type of device you wish to block. For example, USB devices, Bluetooth devices or firewire devices.
- Click 'OK'
If you want to allow access to specific devices that fall within a blocked device class:
- Make sure the external device is connected to the computer
- Click the 'Exclusions' Tab
- Click the handle at the bottom then 'Add'
- Click 'Add existing device' from the options
The 'Select
devices' screen will be displayed:
- Click the '+' sign of the class to which your device belongs
- Select the device(s) you wish to exclude
- Click 'OK' in the screen and again 'OK' in the 'Advanced Settings' interface.
You can also add exclusions by using the wildcard character - ' * '. For example, say you wanted to block all USB storage devices apart from a specific type of SANDISK devices that is used by your company. You could specify a device exclusion ID of 'USBSTORDISK&VEN_SANDISK4C5310*'.
- To add exclusions by using wildcard characters, click the 'Exclusions' tab
- Click
the handle at the bottom then 'Add'
from the options:
- Click 'Add custom device' from the options
- Enter the unique device identifier in the 'Device ID' field, for example to exclude all USB storage devices whose device IDs start with “4C5310”, you could enter: USBSTORDISK&VEN_SANDISK4C5310*
- Click 'OK' in the screen and again 'OK' in the 'Advanced Settings' interface.