Using Tools, Device Control
The Tools module consists of administrative tools for administrators to manage database information.
Details of the individual tools are provided in a separate section of the help at Tools.
The Tools module administrative tools are used to maintain application user, file group, device permission, and database information.
User administrative actions include:
- Defining administrators.
- Defining global system options.
- Authorizing administrative users to disable Device Control using endpoint maintenance.
Device permission administrative actions include:
- Exporting permissions settings to clients.
- Distributing device permission updates by sending updates to computers.
- Providing temporary device permissions for users not connected to the network by authorizing temporary permissions.
- Recovering encryption passwords for users.
Database administrative actions include:
- Managing the information stored in the database by using database cleanup.
- Adding computers to an existing workgroup by synchronizing domains.
- Synchronizing Domains
You must regularly synchronize individual computers and Windows domain users with the domain controller to maintain accurate database user and domain information.
- Database Clean Up
You can use the Database Maintenance tool to remove obsolete database records that use storage capacity.
- Defining User Access
The Management Console can only be accessed by authorized network administrators.
- Defining Default Options
You can set global options that govern certain aspects of how protected clients interact with Ivanti Device and Application Control. These settings apply to all servers or computers protected by Ivanti Device and Application Control.
- Sending Permissions and File Authorization Updates to Computers
You must distribute system setting changes to servers and computers protected by Device Control.
- Exporting Permissions and File Authorization Settings
You can export a permissions settings file to a target computer to transfer encryption keys and passwords when the client is not connected to the Application Server.
- Working with Endpoint Maintenance
The Endpoint Maintenance feature generates an endpoint maintenance ticket that provides provisional permission to modify, repair, or remove the client, registry keys, or special directories. The endpoint maintenance ticket is then sent to a specific computer or user.
- Authorizing Temporary Permission Offline
Administrators can create temporary permission for clients that do not have network or Internet access to the Application Server.
- Recovering Encryption Key Passwords
An administrator can recover password encryption keys for users who forget the password for an encrypted storage medium or fail to enter the password successfully after five attempts.