Add Shadowing

An administrator can establish visibility for the file content read from and written to devices connected to clients. This type of visibility is referred to as file shadowing.

File shadowing can be applied to the following device classes:

  • COM/Serial Ports
  • DVD/CD Drives

    When burning to a CD/DVD/BD, files burned only during a single/first session are shadowed.

  • LPT/Parallel Ports
  • Floppy Disk Drives
  • Printers

    You can assign shadowing only to the main printer class under default settings or to a special PC under machine-specific settings.
    Only print jobs sent to printers that use the Microsoft Windows Print Spooler service are shadowed.

  • Removable Storage Devices

You can also apply file shadowing to:

  • Device groups
  • Computer-specific devices or device model types
  1. In the Management Console, select View > Modules > Device Explorer.
  2. From the Default settings division of the Device Explorer hierarchy, right-click a device, device class, or device type.
  3. Select Add Shadow from the right-mouse menu.
  4. Click Add.
    The Select Group, User, Local Group, Local User dialog opens.
  5. Select the user or user group and click Next.
    The Choose Bus dialog opens.
  6. Select All or individual bus types.

    Important: The available bus types shown are dependent upon the device class you select. The Encryption panel is only active, with all options selected by default, for the Removable Storage Devices and DVD/CD Drives device classes.

  7. Select a Drive option.
  8. Click Next.
    The Choose Permissions dialog opens.
  9. In the Read and/or Write panels, choose one of the following options:
  10. Option Description
    Disabled File content copying is not active.
    FileName File content copying is not active; only the file name for a file copied to or from a device is saved in the Ivanti Device and Application Control database.
    Enabled File content copying is active.

    Restriction: Only the Write panel is active for the COM/Serial Ports, LPT/Parallel Ports and Printers device classes.

  11. Click Next.
  12. From the Finish dialog, click Finish.
    The shadow rule permission details are shown in the Permissions column of the Device Explorer hierarchical structure. The shadow permission details are displayed in the Permissions column of the Device Explorer module. A value of R means that shadowing is enabled for files read to and from the device, W means that it is on when files are written to and from the device; no letter means that shadowing is enabled for both reading and writing files. You can review shadowed files using the Log Explorer module.

Specifying where shadow files are stored

You can store shadow files that are generated separately from your other IDAC files by setting a location in the Windows registry, using the registry key Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sxs\parameters\TempFileDirectory.

Related Information:

Related Tasks: