Permissions Dialog

An administrator uses the Permissions dialog to create and manage permission rules for devices and associate these rules with user and user group access rights.

The Permissions dialog is the primary tool that an administrator uses to:

  • Assign and manage user access permission rules for devices connected to client computers.
  • Force encryption of removable storage media that users are permitted to access.

The Permissions dialog is composed of five panels:

  • User/Group
  • Permissions
  • Encryption
  • Bus
  • Drive

The following tables describe the Permissions dialog panels.

Column

Description

Name

Shows the name of the user or user group.

Location

Shows the user domain or work group name.

Permissions

Lists the rules defined by the Permissions panel.

Priority

Shows the permission priority specified as High or Low.

Filters

Shows the file types that the user or user group can access.

Scope

Shows the permission defined in the Encryption, Bus, and Drive panels.

 

Option

Description

Read

A user or user group has read access.

Write

A user or user group has write access.

Encrypt

A user or user group can encrypt devices.

Decrypt

A user or user group can decrypt an encrypted device.

Export to file

The passphrases or public keys from user certificates are used to create a symmetric key for device encryption. When the Self Contained Encryption option is selected, the encryption key can be stored in a separate file and password protected. This is the most secure method, because the encryption key and the encrypted data can be transported separately.

Export to media

The passphrases or public keys from user certificates are used to create the symmetric key used to encrypt a device. When the Self Contained Encryption option is selected, the encryption key can be stored on the same device used for encryption and password protected. The only protection of the data is the password itself.

Import

When the Self Contained Encryption option is selected, a user can access encrypted media by specifying a separate key file, which is not stored on the encrypted media, and providing the associated password.

Restriction: Permission to Encrypt, Decrypt, Export to file, Export to media, and Import is available only for the Removable Storage Devices class.

Option

Description

Self Contained Encryption

The assigned Permissions apply to the device when encrypted with Device Control self-contained encryption technology.

BitLocker Encryption

The assigned Permissions apply to the device when encrypted with BitLocker Drive Encryption.

Unencrypted (Unencrypted or unknown encryption type)

The assigned Permissions apply to the device when unencrypted or encrypted with an unsupported technology.

 

Option

Description

All

Permissions apply when a device is connected through any bus connection.

USB

Permissions apply when a device is connected through a USB 1.1 and 2.0 or higher standard interface.

Firewire

Permissions apply when a device is connected through a Firewire IEEE 1394 standard interface.

ATA/IDE

Permissions apply when a device is connected through the ATA/IDE, SDATA-1, SATA-2 and eSATA variants interfaces.

SCSI

Permissions apply when a device is connected through the SCSI narrow, wide and ultra variants interfaces.

PCMCIA

Permissions apply when a device is connected through the PCMCIA CARDBUS interface, including the Expresscard/34 and /54 variants.

Bluetooth

Permissions apply when a device is connected through the Bluetooth standard interface.

A Bluetooth device must be restarted for a permission change to take effect.

IrDA

Permissions apply when a device is connected through the IrDA (infrared) standard interface.

Restriction: Only standard interface types supported by the device class you select are available for defining permissions.

Options

Description

Both

Permission rules apply to the hard drive and non-hard drive for the device class selected.

Hard Drive

Permission rules apply only to the hard drive for the device class selected.

Non-Hard Drive

Permission rules apply to the non-hard drive for the device class (including Removable Storage Devices) selected.

Related Information:

Related Tasks: