Configuring Device Control

  1. Go to Devices.
  2. Select a desktop or server group.
  3. Click Configure Policy.

    The Configure Policy: <group name> screen appears.

  4. Click Device Control.
  5. Update the following as required:
    • Enable Device Control

    • Enable USB Autorun Prevention

    • Permissions: Set for both USB devices and network resources.

      Table 1. Device Control Permissions

      | Permissions | Files on the Device | Incoming Files |
      |---|---|---|
      | Full access | Permitted operations: Copy, Move, Open, Save, Delete, Execute | Permitted operations: Save, Move, Copy. This means that a file can be saved, moved, and copied to the device. |
      | No access | Prohibited operations: All operations. The device and the files it contains are visible to the user (for example, from Windows Explorer). | Prohibited operations: Save, Move, Copy |
      | Read | Permitted operations: Copy, Open. Prohibited operations: Save, Move, Delete, Execute | Prohibited operations: Save, Move, Copy |
      | Modify | Permitted operations: Copy, Move, Open, Save, Delete. Prohibited operations: Execute | Permitted operations: Save, Move, Copy |
      | Read and execute | Permitted operations: Copy, Open, Execute. Prohibited operations: Save, Move, Delete | Prohibited operations: Save, Move, Copy |

    • Exceptions: If a user is not given read permission for a particular device, the user will still be allowed to run or open any file or program in the Approved List.

      However, if AutoRun prevention is enabled, a file is still not allowed to run, even if it is included in the Approved List.

      To add an exception to the Approved List, enter the file name including the path or the digital signature and click Add to the Approved List.

  6. Click Save.