About access rules

A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, and read or write permissions. You cannot add a device that is outside of Device Control classification. Access to such devices is allowed for all users.

Device Access Rules

The group of settings for an access rule differs depending on the type of device (see the table below).

Access rule settings

Devices

Access control

Schedule for access to a device

Assignment of users and/or a group of users

Priority

Read/write permission

Hard drives

Included icon.

Included icon.

Included icon.

Included icon.

Included icon.

Removable drives (including USB flash drives)

Included icon.

Included icon.

Included icon.

Included icon.

Included icon.

Floppy disks

Included icon.

Included icon.

Included icon.

Included icon.

Included icon.

CD/DVD drives

Included icon.

Included icon.

Included icon.

Included icon.

Included icon.

Portable devices (MTP)

Included icon.

Included icon.

Included icon.

Included icon.

Included icon.

Local printers

Included icon.

Included icon.

Included icon.

Network printers

Included icon.

Included icon.

Included icon.

Modems

Included icon.

Tape devices

Included icon.

Multifunctional devices

Included icon.

Smart card readers

Included icon.

Windows CE USB ActiveSync devices

Included icon.

External network adapters

Included icon.

Bluetooth

Included icon.

Cameras and scanners

Included icon.

Access rules for Wi-Fi networks

A Wi-Fi network access rule determines whether the use of Wi-Fi networks is allowed (the status) or forbidden (the status). You can add a trusted Wi-Fi network (the status) to a rule. Use of a trusted Wi-Fi network is allowed without limitations. By default, a Wi-Fi network access rule allows access to any Wi-Fi network.

Connection bus access rules

If Depends on connection bus value is selected for the access rule by device type, the application allows or denies access to the device depending on the connection interface. Rules that allow access to buses are created by default for all connection buses that are present in the classification of the Device Control component.

Connection bus access rules determine whether the connection of devices is allowed (the status) or forbidden (the status). The priority of device type access rules is higher than the priority of connection bus access rules.

Keyboard and mouse cannot be locked using Device Control. If you prohibit access to the USB connection bus, the user will continue to work with a keyboard and mouse connected via USB. The BadUSB Attack Prevention component is designed to prevent infected USB devices imitating keyboards from connecting to the computer.

Page top