Major Features of Ivanti Device Control
Ivanti Device Control allows administrators to set access rights for various device types. Permissions can be temporary, permanent, or applicable only at designated times.
Here are some of the features offered:
Manage device access from a central location: The primary function of Device Control is to allow centralized management of access to devices and device types between users, endpoints, user groups, and endpoint groups.
Various device types supported: Device Control supports a wide variety of device types, in addition to supporting device types, such as FireWire, USB, SCSI, ATA/IDE, and Bluetooth, PCMCIA (Cardbus) and IrDA buses. For a complete list of supported device types, see Supported Device Types in Ivanti Device Control.
Easy-to-useinterface: An Access Control List is responsible for helping with the management of device permissions. With the Access Control List, you can control access to devices at various levels: user groups, endpoint groups, device classes, device collections, or individual devices.
Define devices as read-only: With Device Control, it is possible to deny write permissions for specific devices or device types. These include CD/DVD writers, floppy drives, USB drives, and so on. You may also restrict other permissions such as encrypting, writing, decrypting, importing data, and exporting data to devices.
Define copy limits: You can prevent users from misusing their writing permissions by limiting the amount of data that can be written to external storage devices.
Grant temporary access: Certain situations call for giving a user, endpoint, or a group access to a device for a limited period. Device Control allows you to grant temporary access. You can grant temporary access for a predetermined time frame and the access is automatically terminated when the specified time expires.
Schedule permissions: With Device Control, you can create policies that allow or prevent access to a device during a certain period. For example, you can permit access to DVD drives from 9 A.M. to 5 P.M, Monday to Friday.
Create context-sensitive permissions: Device Control supports the creation of sophisticated policies that are applicable to specific devices based on their context or connection status. This allows you to create permissions for devices that differ based on the device's network connection status. For example, laptop Wi-Fi cards may be disabled when company laptops are connected to the organization’s network and they may be enabled once disconnected from the network.
Enable file shadowing: Device Control incorporates shadow technology that allows administrators to enable copying of data to or from removable media such as CD/DVD, floppy disks, storage devices, and PCMCIA drives. Copies of data written to parallel and serial ports can also be obtained. For devices that support partial shadowing, only the file name is copied. Shadowing can be enabled on a per-group basis.
Manage user-defined devices: In addition to default device classes, Device Control allows you to manage those devices not defined in the default installation. These devices may be added as user-defined devices. Their permissions are applied in the same way as those for default devices.
Create permissions on a per- device basis: Controlling access to sensitive data is sometimes not possible by controlling access to an entire device type. It may require controlling access to a particular device model or even individual devices of a model. For example, you may grant access to only a few devices of a company-approved model and restrict access to devices of the same class that contain sensitive data.
Control access to serially- identified removable devices: Besides granting permissions for devices belonging to a particular class, and devices of a specific model, Device Control allows you to grant permissions for unique devices, based on their serial numbers.
Encrypt individual devices: Unauthorized users and systems can be prevented from accessing sensitive data on removable devices while still using the device. Device Control allows specific data on a device to be encrypted and access to it restricted to authorized persons.
Filter file types for copying: Device Control enables you to determine copying permission granted to and from removable devices for each file type.
Log device actions: Device Control has a device logging feature that you can enable if you want to keep track of specific actions performed on devices. For example, you can choose to log whenever a device is connected to an endpoint.
Maintain a library of devices in your network: The Device Library in Device Control gives you a centralized location from where you can add and control various network devices. You can also create device groups and define access permissions in this module.