Device control is designed to monitor the use of devices on endpoint machines. You can specify how users can access devices (CD/DVD/USB, etc.) by defining rules for media, devices and users on client workstations. Device control blocks unauthorized media and prevents malware from spreading via removable media.
Administrators can define rules for specific types of devices to be used on endpoint machines. Rules can be set either per user or per group of users. Device control is integrated with directory services to make use of Active Directory groups for configurations.
The flexible Device control rules allow access to be controlled by individual users or user groups using the device parameters such as serial number, manufacturer ID, model and more. The control permissions can be set to read-only, read/write or block access for individual users or user groups. The detailed access and scan logs simplify policy enforcement and compliance reporting.
If you set a rule that blocks access to an inserted external device, a notification window will alert the user when they insert a CD/DVD, or connect an external storage device. The notification window will prompt them to scan its contents for malware. The user can then select remember this action so that it is automatically performed in the future.
Detailed logging is available for Device control. Logs include the following information:
In this example, we will block access to all Bluetooth devices for all users.
Press the F5 key to open Advanced Setup.
Click Device Control and click the slider bar next to Enable Device control. Restart your computer for the change to take effect.
Your new rule will be listed in the Rules window. From here you can disable or re-enable it, edit its properties, make a copy, etc. If you add more rules, you'll be able to manage them the same way.