The Device Permissions Setup Process

After successfully installing Application Control, an administrator uses the Management Console to configure and define user access permissions and device permission rules required in an Ivanti Device and Application Control environment that specify which devices each user can access, as described by the following process flow.

Define Console Administrators
The Enterprise Administrator defines administrative roles for network Administrators that have restricted access to the Management Console.

Define User Access
After defining Administrator roles, the Enterprise Administrator assigns the roles to Administrators using the User Access tool.

Add Domain and Workgroup Computers
Administrators add computers to a domain group or computer workgroup in the Machine-specific settings structure of the Device Explorer.

Add Devices, Groups, and Models
Define user access permission rules for devices, device classes, device groups, device models, and computers, by assigning one or more users or user groups to the devices. Initially, the default permissions for all devices that connect to a computer running the Ivanti Device and Application Control client is None, which means that all user access is denied.

Add Permissions for Devices, Device Classes, Device Groups, Device Models, and Computers
Assign permission rules for users to access devices, device classes, device groups, device models, and computers.

Assign Computer-Specific Access to Devices for Users and/or User Groups
Assign computer-specific permission rules for users to access devices and device classes.

Permissions determine access to devices for authorized users or groups on any computer protected by Ivanti Device and Application Control. You can change rules to grant, extend, or deny permissions. You can allow access to CD/DVD-ROMs for specific users or groups that otherwise do not have access as defined by permissions policies, because users cannot use unauthorized CD/DVDs.