The Device Permissions Setup Process
After successfully installing Application Control, an administrator uses the Management Console to configure and define user access permissions and device permission rules required in an Ivanti Device and Application Control environment that specify which devices each user can access, as described by the following process flow.
- Define Console Administrators.
The Enterprise Administrator defines administrative roles for network Administrators that have restricted access to the Management Console.
- Define User Access.
After defining Administrator roles, the Enterprise Administrator assigns the roles to Administrators using the User Access tool.
- Add Domain and Workgroup Computers.
Administrators add computers to a domain group or computer workgroup in the Machine-specific settings structure of the Device Explorer.
- Add Devices, Groups, and Models.
Define user access permission rules for a devices, device classes, device groups, device models, and computers, by assigning one or more users or user groups to the devices. Initially, the default permissions for all devices that connect to a computer running the Ivanti Device and Application Control client is None, which means that all user access is denied.
- Add Permissions for Devices, Device Classes, Device Groups, Device Models, and Computers.
Assign permission rules for users to access devices, device classes, device groups, device models, and computers.
- Assign Computer-Specific Devices for Users and/or User Groups.
Assign computer-specific permission rules for users to access devices and device classes.
Permissions determine access to devices for authorized users or groups on any computer protected by Ivanti Device and Application Control. You can change rules to grant, extend, or deny permissions. You can allow access to CD/DVD-ROMs for specific users or groups that otherwise do not have access as defined by permissions policies, because users cannot use unauthorized CD/DVDs.