Configuring Device Control

  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.

    • Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.

  2. Click Windows.
  3. Go to Device Control.
  4. Under Device Control, enable the feature and configure the required settings.
  5. In the Storage Devices section:
    1. Select a permission for each storage device.
      Table 1. Device Control Permissions

      | Permissions | Files on the Device | Incoming Files |
      |---|---|---|
      | Full access | Permitted operations: Copy, Move, Open, Save, Delete, Execute | Permitted operations: Save, Move, Copy. This means that a file can be saved, moved, and copied to the device. |
      | Modify | Permitted operations: Copy, Move, Open, Save, Delete. Prohibited operations: Execute | Permitted operations: Save, Move, Copy |
      | Read and execute | Permitted operations: Copy, Open, Execute. Prohibited operations: Save, Move, Delete | Prohibited operations: Save, Move, Copy |
      | Read | Permitted operations: Copy, Open. Prohibited operations: Save, Move, Delete, Execute | Prohibited operations: Save, Move, Copy |
      | List device content only | Prohibited operations: All operations. The device and the files it contains are visible to the user (for example, from Windows Explorer). | Prohibited operations: Save, Move, Copy |
      | Block (Not available for network drives) | Prohibited operations: All operations. The device and the files it contains are not visible to the user (for example, from Windows Explorer). | Prohibited operations: Save, Move, Copy |

      If you chose to restrict access to any storage device, the Configure allowed programs link appears. For USB storage devices, if you selected Block or Read, the Configure permission for allowed USB devices link appears.

    2. Click Configure allowed programs to configure a list of programs whose access Device Control does not restrict on any device type.

      For more information, see Configuring the Allowed Program List.

    3. Click Configure permission for allowed USB devices to specify the access level Device Control permits to users accessing the allowed USB devices.
    4. Select Block the AutoRun function on USB storage devices to prevent programs saved on USB devices from executing automatically.
  6. In the Mobile Devices and Non-Storage Devices sections, select a permission for each device.
  7. Click Save.