The table describes all available values and the default values of all the settings that you can specify for the Device Control task.
|
|
|
Setting
|
Description
|
Values
|
OperationMode
|
Response to attempts to access a device that is restricted according to Device Control rules.
|
Block (default value) – the application applies the access mode defined for the device or bus.
Notify – the application tests the selected access mode and generates an event about the detection of an attempt to access a device.
|
The [DeviceClass] section contains access modes for devices depending on their type.
|
HardDrive
|
Access mode for the hard drives connected to a client device.
|
Allow — Users are allowed access to hard drives.
DependsOnBus (default): access to the hard drive depends on the access mode defined for the bus through which it is connected.
Block — Access to all hard drives (except system hard drives, which are never blocked by the Device Control) is blocked for users.
ByRule — Access to the hard drives depends on the access rules.
|
RemovableDrive
|
Access mode for the removable drives connected to a client device.
|
Allow — Access to the removable drives is allowed for users.
DependsOnBus (default): access to the removable drive depends on the access mode defined for the bus through which it is connected.
Block — Access to the removable drives is blocked for users.
ByRule — Access to the removable drives depends on the access rules.
|
FloppyDrive
|
Access mode for the floppy disks connected to a client device.
The application does not block floppy disks connected to the client device using the ISA bus.
|
Allow — Users are allowed access to floppy disks.
DependsOnBus (default): access to the floppy disk depends on the access mode defined for the bus through which it is connected.
Block — Access to floppy disks is blocked for users.
ByRule — Access to floppy disks depends on the access rules.
|
OpticalDrive
|
Access mode for the CD/DVD drives connected to a client device.
|
Allow — Users are allowed access to CD/DVD drives.
DependsOnBus (default): access to the CD/DVD drive depends on the access mode defined for the bus through which it is connected.
Block — Access to CD/DVD drives is blocked for users.
ByRule — Access to CD/DVD drives depends on the access rules.
|
SerialPortDevice
|
Access mode for the devices connected to a client device via a serial port.
The application does not block the devices connected to a client device via a serial port using the ISA bus.
|
Allow — Users are allowed access to devices connected through a serial port.
DependsOnBus (default): access to a device connected through a serial port depends on bus access mode.
Block — Access to devices connected through a serial port is blocked for users.
|
ParallelPortDevice
|
Access mode for the devices connected to a client device via a parallel port.
|
Allow — Users are allowed access to devices connected through a parallel port.
DependsOnBus (default): access to a device connected through a parallel port depends on bus access mode.
Block — Access to devices connected through a parallel port is blocked for users.
|
Printer
|
Access mode for the printers connected to a client device.
|
Allow — Users are allowed access to printers.
DependsOnBus (default): access to a printer depends on the access mode defined for the bus through which it is connected.
Block — Access to printers is blocked for users.
|
Modem
|
Access mode for the modems connected to a client device.
|
Allow — Users are allowed access to modems.
DependsOnBus (default): access to a modem depends on the access mode defined for the bus through which it is connected.
Block — Access to modems is blocked for users.
|
TapeDrive
|
Access mode for the tape devices connected to a client device.
|
Allow — Users are allowed access to tape devices.
DependsOnBus (default): access to a tape device depends on the access mode defined for the bus through which it is connected
Block — Access to tape devices is blocked for users.
|
MultifuncDevice
|
Access mode for the multifunctional devices connected to a client device.
|
Allow — Users are allowed access to multifunctional devices.
DependsOnBus (default): access to a multifunctional device depends on the access mode defined for the bus through which it is connected.
Block — Access to multifunctional devices is blocked for users.
|
SmartCardReader
|
Access mode for the smart card readers connected to a client device.
|
Allow — Access to smart card readers is allowed for users.
DependsOnBus (default): access to a smart card reader depends on the access mode defined for the bus through which it is connected.
Block — Access to smart card readers is blocked for users.
|
WiFiAdapter
|
Access mode for the Wi-Fi adapters connected to a client device.
|
Allow — Users are allowed access to Wi-Fi adapters.
DependsOnBus (default): access to a Wi-Fi adapter depends on connection bus access mode.
Block — Access to the Wi-Fi adapters is blocked for users.
|
NetworkAdapter
|
Access mode for the external network adapters connected to a client device.
|
Allow — Users are allowed access to external network adapters.
DependsOnBus (default): access to an external network adapter depends on the access mode defined for the bus through which it is connected.
Device Control does not allow denying access to external network adapters in order to avoid disconnecting the client device from the network.
|
PortableDevice
|
Access mode for the portable devices connected to a client device.
|
Allow — Users are allowed access to portable devices.
DependsOnBus (default): access to a portable device depends on the access mode defined for the bus through which it is connected.
Block — Access to portable devices is blocked for users.
|
BluetoothDevice
|
Access mode for the Bluetooth devices connected to a client device.
|
Allow — Users are allowed access to Bluetooth devices.
DependsOnBus (default): access to a Bluetooth device depends on the access mode defined for the bus through which it is connected.
Block — Access to Bluetooth devices is blocked for users.
|
ImagingDevice
|
Access mode for the imaging devices connected to a client device.
|
Allow —Access to all imaging devices is allowed for users.
DependsOnBus (default): access to an imaging device depends on the access mode defined for the bus through which it is connected.
Block —Access to all imaging devices is blocked for users.
|
SoundAdapter
|
Access mode for the sound adapters connected to a client device.
|
Allow —Access to all sound adapters is allowed for users.
DependsOnBus (default): access to a sound adapter depends on the access mode defined for the bus through which it is connected.
Block —Access to all sound adapters is blocked for users.
|
InputDevice
|
Access mode for the input devices (keyboards, mouse, touchpad, and others) connected to a client device.
|
Allow — Users are allowed access to input devices.
DependsOnBus (default): access to an input device depends on the access mode defined for the bus through which it is connected.
Block — Access to input devices is blocked for users.
|
The [DeviceBus] section contains access modes for connection buses.
|
USB
|
Access mode for devices connected to the client device via USB.
|
Allow (default value) — Users are allowed access to USB-devices.
Block — Access to USB-devices is blocked for users.
|
FireWire
|
Access mode for devices connected to the client device via FireWire.
|
Allow (default value) — Users are allowed access to devices connected via the FireWire interface.
Block — Access to devices connected via the FireWire interface is blocked for users.
|
The [TrustedDevices.item_ #] section contains trusted devices.
|
DeviceId
|
Specifies ID or ID mask of a trusted device.
|
You can use the masks * (any sequence of characters) or ? (any single character) to indicate the device ID.
Examples:
To deny access to all USB devices except the specified one, specify the following settings:
In the [DeviceBus] section, specify USB=Block
In the [TrustedDevices.item_#] section, specify DeviceId=<device ID>
To deny access to all USB devices, but allow access to all USB drives, specify the following settings:
In the [DeviceBus] section, specify USB=Block
In the [TrustedDevices.item_#] section, specify DeviceId=USBSTOR*
|
|
Comment
|
Comment to the specified trusted device.
|
—
|
The [Schedules.item_#] section contains the device access schedule. You can configure a schedule only for hard drives, removable drives, floppy disks, and CD/DVD drives.
|
ScheduleName
|
Specifies a schedule name.
The schedule name must be unique.
|
The default value: Default .
The Default schedule provides users full access to devices at any time if the connection bus is allowed to access the corresponding device type.
You cannot delete the Default schedule.
|
DaysHours
|
Specifies time intervals for a schedule.
|
All (default value) — The schedule is valid 24/7 (no time limitation).
< week_day > — Days of the week. You can use either the full week day names or abbreviations (for example, for Monday, you can specify Mo , or Mon , or Monday ). For week days, you can specify intervals or specific days. The week starts from Sunday.
< hour > — Hours [0:24]. You can specify only intervals for hours.
Examples:
Schedule_1 is valid from Sunday till Saturday from 0 a.m. to 11 a.m., from 12 p.m. to 3 p.m., and from 4 p.m. to 12 a.m.:
[Schedules.item_0001]
ScheduleName=schedule_1
DaysHours=Su-Sa:0..11,12..15,16..24
Schedule_2 is valid for the following intervals: on Thursdays from 12 p.m. to 2 p.m. and on Fridays from 2 a.m. to 3 p.m. and from 4 p.m. to 12 a.m.:
[Schedules.item_0002]
ScheduleName=schedule_2
DaysHours=Th:12..14;Fr:2..15,16..24
Schedule_3 is valid 24 hours 7 days a week:
[Schedules.item_0003]
ScheduleName=schedule_3
DaysHours=All
|
|
The [HardDrivePrincipals.item_#] section contains hard drive access rules.
For hard drives, at least one schedule must always be enabled. You can assign several access rules to a hard drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.
|
Principal
|
Specifies a user or group of users for whom the access rule is applied.
|
\Everyone (default value) — The access rule applies to all users.
< user name > — Name of the user to whom the access rule applies.
@< group name > — Name of the group of users to whom the access rule applies.
|
[HardDrivePrincipals.item_#.AccessRules.item_#]
|
Access rule settings.
|
—
|
UseRule
|
Specifies whether the rule is enabled or disabled.
|
Yes (default value) — The access rule is enabled.
No — The access rule is disabled.
|
ScheduleName
|
Schedule specified in the [Schedules.item_#] section.
|
The default value: Default .
|
Access
|
Specifies access type.
|
Allow (default value) — Access to hard drives is allowed.
Block — Access to hard drives is blocked.
|
The [RemovableDrivePrincipals.item_#] section contains the access rules for removable drives.
For removable drives, at least one schedule must always be enabled. You can assign several access rules to a removable drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.
|
Principal
|
Specifies a user or group of users for whom the access rule is applied.
|
\Everyone (default value) — The access rule applies to all users.
< user name > — Name of the user to whom the access rule applies.
@< group name > — Name of the group of users to whom the access rule applies.
|
[RemovableDrivePrincipals.item_#.AccessRules.item_#]
|
Access rule settings.
|
—
|
UseRule
|
Specifies whether the rule is enabled or disabled.
|
Yes (default value) — The access rule is enabled.
No — The access rule is disabled.
|
ScheduleName
|
Schedule specified in the [Schedules.item_#] section.
|
The default value: Default .
|
Access
|
Specifies access type.
|
Allow (default value) — Access to removable drives is allowed.
Block — Access to removable drives is blocked.
|
The [FloppyDrivePrincipals.item_#] section contains access rules for floppy drives.
For floppy drives, at least one schedule must always be enabled. You can assign several access rules to a floppy drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.
|
Principal
|
Specifies a user or group of users for whom the access rule is applied.
|
\Everyone (default value) — The access rule applies to all users.
< user name > — Name of the user to whom the access rule applies.
@< group name > — Name of the group of users to whom the access rule applies.
|
[FloppyDrivePrincipals.item_#.AccessRules.item_#]
|
Access rule settings.
|
—
|
UseRule
|
Specifies whether the rule is enabled or disabled.
|
Yes (default value) — The access rule is enabled.
No — The access rule is disabled.
|
ScheduleName
|
Schedule specified in the [Schedules.item_#] section.
|
The default value: Default .
|
Access
|
Specifies access type.
|
Allow (default value) — Access to floppy drives is allowed.
Block — Access to floppy drives is blocked.
|
The [OpticalDrivePrincipals.item_#] section contains the access rules for CD/DVD drives.
For CD/DVD drives, at least one schedule must always be enabled. You can assign several access rules to a CD/DVD drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.
|
Principal
|
Specifies a user or group of users for whom the access rule is applied.
|
\Everyone (default value) — The access rule applies to all users.
< user name > — Name of the user to whom the access rule applies.
@< group name > — Name of the group of users to whom the access rule applies.
|
[OpticalDrivePrincipals.item_#.AccessRules.item_#]
|
Access rule settings.
|
—
|
UseRule
|
Specifies whether the rule is enabled or disabled.
|
Yes (default value) — The access rule is enabled.
No — The access rule is disabled.
|
ScheduleName
|
Schedule specified in the [Schedules.item_#] section.
|
The default value: Default .
|
Access
|
Specifies access type.
|
Allow (default value) — Access to CD/DVD drives is allowed.
Block — Access to CD/DVD drives is blocked.
|