Permissions Dialog

An administrator uses the Permissions dialog to create and manage permission rules for devices and associate these rules with user and user group access rights.

The Permissions dialog is the primary tool that an administrator uses to:

  • Assign and manage user access permission rules for devices connected to client computers.
  • Force encryption of removable storage media that users are permitted to access.

The Permissions dialog is composed of five panels:

  • User/Group
  • Permissions
  • Encryption
  • Bus
  • Drive

The following tables describe the Permissions dialog panels.

Column Description
Name Shows the name of the user or user group.
Location Shows the user domain or work group name.
Permissions Lists the rules defined by the Permissions panel.
Priority Shows the permission priority specified as High or Low.
Filters Shows the file types that the user or user group can access.
Scope Shows the permission defined in the Encryption, Bus, and Drive panels.

Option Description
Read A user or user group has read access.
Write A user or user group has write access.
Encrypt A user or user group can encrypt devices.
Decrypt A user or user group can decrypt an encrypted device.
Export to file The passphrases or public keys from user certificates are used to create a symmetric key for device encryption. When the Self Contained Encryption option is selected, the encryption key can be stored in a separate file and password protected. This is the most secure method, because the encryption key and the encrypted data can be transported separately.
Export to media The passphrases or public keys from user certificates are used to create the symmetric key used to encrypt a device. When the Self Contained Encryption option is selected, the encryption key can be stored on the same device used for encryption and password protected. The only protection of the data is the password itself.
Import When the Self Contained Encryption option is selected, a user can access encrypted media by specifying a separate key file, which is not stored on the encrypted media, and providing the associated password.

Restriction: Permission to Encrypt, Decrypt, Export to file, Export to media, and Import is available only for the Removable Storage Devices class.

Option Description
Self Contained Encryption The assigned Permissions apply to the device when encrypted with Device Control self-contained encryption technology.
BitLocker Encryption The assigned Permissions apply to the device when encrypted with BitLocker Drive Encryption.
Unencrypted (Unencrypted or unknown encryption type) The assigned Permissions apply to the device when unencrypted or encrypted with an unsupported technology.

Option Description
All Permissions apply when a device is connected through any bus connection.
USB Permissions apply when a device is connected through a USB 1.1, 2.0, or higher standard interface.
Firewire Permissions apply when a device is connected through a Firewire IEEE 1394 standard interface.
ATA/IDE Permissions apply when a device is connected through the ATA/IDE, SATA-1, SATA-2 and eSATA interface variants.
SCSI Permissions apply when a device is connected through the narrow, wide and ultra SCSI interface variants.
PCMCIA Permissions apply when a device is connected through the PCMCIA CardBus interface, including the ExpressCard/34 and /54 variants.
Bluetooth Permissions apply when a device is connected through the Bluetooth standard interface. A Bluetooth device must be restarted for a permission change to take effect.
IrDA Permissions apply when a device is connected through the IrDA (infrared) standard interface.

Restriction: Only standard interface types supported by the device class you select are available for defining permissions.

Option Description
Both Permission rules apply to both hard drives and non-hard drives for the selected device class.
Hard Drive Permission rules apply only to hard drives for the selected device class.
Non-Hard Drive Permission rules apply to non-hard drives for the selected device class (including Removable Storage Devices).
