A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, and read or write permissions. You cannot add a device that is outside of Device Control classification. Access to such devices is allowed for all users.
Device Access Rules
The group of settings for an access rule differs depending on the type of device (see the table below).
Access rule settings
Devices |
Access control |
Schedule for access to a device |
Assignment of users and/or a group of users |
Priority |
Read/write permission |
---|---|---|---|---|---|
Hard drives |
|||||
Removable drives (including USB flash drives) |
|||||
Floppy disks |
|||||
CD/DVD drives |
|||||
Portable devices (MTP) |
|||||
Local printers |
– |
– |
|||
Network printers |
– |
– |
|||
Modems |
– |
– |
– |
– |
|
Tape devices |
– |
– |
– |
– |
|
Multifunctional devices |
– |
– |
– |
– |
|
Smart card readers |
– |
– |
– |
– |
|
Windows CE USB ActiveSync devices |
– |
– |
– |
– |
|
External network adapters |
– |
– |
– |
– |
|
Bluetooth |
– |
– |
– |
– |
|
Cameras and scanners |
– |
– |
– |
– |
Access rules for Wi-Fi networks
A Wi-Fi network access rule determines whether the use of Wi-Fi networks is allowed (the status) or forbidden (the status). You can add a trusted Wi-Fi network (the status) to a rule. Use of a trusted Wi-Fi network is allowed without limitations. By default, a Wi-Fi network access rule allows access to any Wi-Fi network.
Connection bus access rules
If Depends on connection bus value is selected for the access rule by device type, the application allows or denies access to the device depending on the connection interface. Rules that allow access to buses are created by default for all connection buses that are present in the classification of the Device Control component.
Connection bus access rules determine whether the connection of devices is allowed (the status) or forbidden (the status). The priority of device type access rules is higher than the priority of connection bus access rules.
Keyboard and mouse cannot be locked using Device Control. If you prohibit access to the USB connection bus, the user will continue to work with a keyboard and mouse connected via USB. The BadUSB Attack Prevention component is designed to prevent infected USB devices imitating keyboards from connecting to the computer.
Page top