Access rules comprise a group of settings that determine which users can access devices that are installed or connected to the computer. You cannot add a device that is outside of Device Control classification. Access to such devices is allowed for all users.
Device Access Rules
The group of settings for an access rule differs depending on the type of device (see the table below).
Access rule settings
Devices |
Access control |
Schedule for access to a device |
Assignment of users and/or a group of users |
Priority |
Read/write permission |
---|---|---|---|---|---|
Hard drives |
|||||
Removable drives |
|||||
Floppy disks |
|||||
CD/DVD drives |
|||||
Portable devices (MTP) |
|||||
Printers |
– |
– |
– |
– |
|
Modems |
– |
– |
– |
– |
|
Tape devices |
– |
– |
– |
– |
|
Multifunctional devices |
– |
– |
– |
– |
|
Smart card readers |
– |
– |
– |
– |
|
Windows CE USB ActiveSync devices |
– |
– |
– |
– |
|
External network adapters |
– |
– |
– |
– |
|
Bluetooth |
– |
– |
– |
– |
|
Cameras and scanners |
– |
– |
– |
– |
Mobile device access rules
Mobile devices running Android or iOS are categorized as portable devices (MTP). When a mobile device is connected to the computer, the operating system determines the device type. If Android Debug Bridge (ADB), iTunes or their equivalent applications are installed on the computer, the operating system identifies mobile devices as ADB or iTunes devices. In all other cases, the operating system may identify the mobile device type as a portable device (MTP) for file transfer, a PTP device (camera) for image transfer, or another device. The device type depends on the model of the mobile device.
Please note the following special considerations regarding access to ADB- or iTunes devices:
By default, access rules grant all users full access to the devices at all times, if access to the connection buses for the corresponding types of devices is allowed (the status).
Access rules for Wi-Fi networks
A Wi-Fi network access rule determines whether the use of Wi-Fi networks is allowed (the status) or forbidden (the status). You can add a trusted Wi-Fi network (the status) to a rule. Use of a trusted Wi-Fi network is allowed without limitations. By default, a Wi-Fi network access rule allows access to any Wi-Fi network.
Connection bus access rules
Connection bus access rules determine whether the connection of devices is allowed (the status) or forbidden (the status). Rules that allow access to buses are created by default for all connection buses that are present in the classification of the Device Control component.
Keyboard and mouse cannot be locked using Device Control. If you prohibit access to the USB connection bus, the user will continue to work with a keyboard and mouse connected via USB. The BadUSB Attack Prevention component is designed to prevent infected USB devices imitating keyboards from connecting to the computer.
Page top