Views:

Procedure

  1. Go to Devices.
  2. Select a desktop or server group.
  3. Click Configure Policy.
    The Configure Policy: <group name> screen appears.
  4. Click Device Control.
  5. Update the following as required:
    • Enable Device Control
    • Enable USB Autorun Prevention
    • Permissions: Set for both USB devices and network resources.

      Device Control Permissions

      Permissions
      Files on the Device
      Incoming Files
      Full access
      Permitted operations: Copy, Move, Open, Save, Delete, Execute
      Permitted operations: Save, Move, Copy
      This means that a file can be saved, moved, and copied to the device.
      No access
      Prohibited operations: All operations
      The device and the files it contains are visible to the user (for example, from Windows Explorer).
      Prohibited operations: Save, Move, Copy
      Read
      Permitted operations: Copy, Open
      Prohibited operations: Save, Move, Delete, Execute
      Prohibited operations: Save, Move, Copy
      Modify
      Permitted operations: Copy, Move, Open, Save, Delete
      Prohibited operations: Execute
      Permitted operations: Save, Move, Copy
      Read and execute
      Permitted operations: Copy, Open, Execute
      Prohibited operations: Save, Move, Delete
      Prohibited operations: Save, Move, Copy
    • Exceptions: If a user is not given read permission for a particular device, the user will still be allowed to run or open any file or program in the Approved List.
      However, if AutoRun prevention is enabled, even if a file is included in the Approved List, it will still not be allowed to run.
      To add an exception to the Approved List, enter the file name including the path or the digital signature and click Add to the Approved List.
  6. Click Save.