When Device Control is initially installed, all removable storage devices that belong to standard Microsoft Windows® device classes are identified and added to the database. You can set up and manage user access permission rules for the different models and specific device types using the Device Explorer.
Using the Device Explorer you can add devices and device types for computers and add computers that are not included in the Active Directory structure. You can define general user access permission policies based on the predefined device classes.
Restriction: You can add specific device models to all base device classes, except the PS/2 ports classes.
- Device Types Supported
Device Control supports a wide range of device types that represent key sources of confidential data security breaches. You can define user access permission at the device class level to restrict access to specific device types. Device Control can detect plug-and-play devices.
- Device Permission Default Settings
When Device Control is initially installed, default user access permission rules apply to all supported predefined device classes.
- Device Permission Restrictions
Based upon Microsoft® driver design or the device manufacturer design, some restrictions apply to devices when assigning user access permission.
- Add Computers
You can add computers to a domain group or computer workgroup in the Machine-specific settings structure of the Device Explorer.
- Create Computer Groups
You can create computer groups to organize computers into logical units that share unique device permissions for the group.
- View Hidden Computers
You can view computer group(s) to show any hidden computers when you want to change permissions, move the computer(s) to other groups, or remove the computer(s) from existing groups.
- Manage Computers
You can rename computer groups, device groups, and devices in a device class belonging to the default settings tree in the Device Explorer module.
- Create Device Groups
You can organize devices into logical groupings that can share unique user access permissions.
- Manage Devices
Within a device class, you can create groups that contain models or unique device IDs. Managing devices in groups reduces the administrative burden for assigning and tracking device permissions.
- Adding a Network Printer to Device Explorer
As network printers do not have unique ID, you must add them to the Printers device class in Device Explorer through a WRITE-DENIED event in the Log Explorer.
- Microsoft Virtual Desktop Infrastructure Limitations
Learn about the limitations of managing USB Virtual Devices in Microsoft VDI.