An administrator uses the Permissions dialog to create and manage permission rules for devices and associate these rules with user and user group access rights.
The Permissions dialog is the primary tool that an administrator uses to:
- Assign and manage user access permission rules for devices connected to client computers.
- Force encryption of removable storage media that users are permitted to access.
The Permissions dialog is composed of five panels:
The following tables described the Permissions dialog panels.
|Name||Shows the name of the user or user group.|
|Location||Shows the user domain or work group name.|
|Permissions||Lists the rules defined by the Permissions panel.|
|Priority||Shows the permission priority specified as High or Low.|
|Filters||Shows the file types that the user or user group can access.|
|Scope||Shows the permission defined in the Encryption, Bus, and Drive panels.|
|Read||A user or user group has read access.|
|Write||A user or user group has write access.|
|Encrypt||A user or user group can encrypt devices.|
|Decrypt||A user or user group can decrypt an encrypted device.|
|Export to file||The passphrases or public keys from user certificates are used to create a symmetric key for device encryption. When the Self Contained Encryption option is selected, the encryption key can be stored in a separate file and password protected. This is the most secure method, because the encryption key and the encrypted data can be transported separately.|
|Export to media||The passphrases or public keys from user certificates are used to create the symmetric key used to encrypt a device. When the Self Contained Encryption option is selected, the encryption key can be stored on the same device used for encryption and password protected. The only protection of the data is the password itself.|
|Import||When the Self Contained Encryption option is selected, a user can access encrypted media by specifying a separate key file, which is not stored on the encrypted media, and providing the associated password.|
Restriction: Permission to Encrypt, Decrypt, Export to file, Export to media, and Import is available only for the Removable Storage Devices class.
|Self Contained Encryption||The assigned Permissions apply to the device when encrypted with Device Control self-contained encryption technology.|
|BitLocker Encryption||The assigned Permissions apply to the device when encrypted with BitLocker Drive Encryption.|
|Unencrypted (Unencrypted or unknown encryption type)||The assigned Permissions apply to the device when unencrypted or encrypted with an unsupported technology.|
|All||Permissions apply when a device is connected through any bus connection.|
|USB||Permissions apply when a device is connected through a USB 1.1 and 2.0 or higher standard interface.|
|Firewire||Permissions apply when a device is connected through a Firewire IEEE 1394 standard interface.|
|ATA/IDE||Permissions apply when a device is connected through the ATA/IDE, SDATA-1, SATA-2 and eSATA variants interfaces.|
|SCSI||Permissions apply when a device is connected through the SCSI narrow, wide and ultra variants interfaces.|
|PCMCIA||Permissions apply when a device is connected through the PCMCIA CARDBUS interface, including the Expresscard/34 and /54 variants.|
|Bluetooth||Permissions apply when a device is connected through the Bluetooth standard interface.
A Bluetooth device must be restarted for a permission change to take effect.
|IrDA||Permissions apply when a device is connected through the IrDA (infrared) standard interface.|
Restriction: Only standard interface types supported by the device class you select are available for defining permissions.
|Both||Permission rules apply to the hard drive and non-hard drive for the device class selected.|
|Hard Drive||Permission rules apply only to the hard drive for the device class selected.|
|Non-Hard Drive||Permission rules apply to the non-hard drive for the device class (including Removable Storage Devices) selected.|
- Default Settings Permissions Priority
- File Filters
- BitLocker Encrypted Devices
- Working with Custom File Types
- File Type Filtering and Data Loss Prevention Combination Matrix
- Assigning Permission to a BitLocker Encrypted Device
- Assign Permissions by Devices
- Assign Permission by Computers
- Manage Online Permission
- Manage Offline Permissions
- Assign Scheduled Permissions to Users
- Assign Temporary Permissions to Users
- Add Shadowing
- Manage Shadowing
- Add Copy Limit
- Remove Copy Limit
- Add Event Notification
- Manage Event Notification
- Creating a Data Loss Prevention (DLP) Filter
- Assigning a Data Loss Prevention Filter to a Specific User or Group