- Go to Devices.
- Select a desktop or server group.
-
Click Configure Policy.
The Configure Policy: <group name> screen appears.
- Click Device Control.
-
Update the following as required:
-
Enable Device Control
Enable USB Autorun Prevention
Permissions: Set for both USB devices and network resources.
Table 1. Device Control Permissions Permissions
Files on the Device
Incoming Files
Full access
Permitted operations: Copy, Move, Open, Save, Delete, Execute
Permitted operations: Save, Move, Copy
This means that a file can be saved, moved, and copied to the device.
No access
Prohibited operations: All operations
The device and the files it contains are visible to the user (for example, from Windows Explorer).
Prohibited operations: Save, Move, Copy
Read
Permitted operations: Copy, Open
Prohibited operations: Save, Move, Delete, Execute
Prohibited operations: Save, Move, Copy
Modify
Permitted operations: Copy, Move, Open, Save, Delete
Prohibited operations: Execute
Permitted operations: Save, Move, Copy
Read and execute
Permitted operations: Copy, Open, Execute
Prohibited operations: Save, Move, Delete
Prohibited operations: Save, Move, Copy
Exceptions: If a user is not given read permission for a particular device, the user will still be allowed to run or open any file or program in the Approved List.
However, if AutoRun prevention is enabled, even if a file is included in the Approved List, it will still not be allowed to run.
To add an exception to the Approved List, enter the file name including the path or the digital signature and click Add to the Approved List.
-
- Click Save.
Views: