34.3 Enable Preferred Device List in the Policy

The Removable Storage access setting applies to all removable storage devices (RSDs). This includes FireWire devices, storage cards, USB devices, and any other devices reported as removable storage under Disk drives in Windows Device Manager.

The Preferred Device list applies only to USB devices. Select this option if you want to override the Removable Storage access setting for specific USB devices.

34.3.1 Default Device Access

Each device you add to the Preferred Device list must include an access assignment. The Default Device Access setting is used as the default access assignment for 1) any device you import that doesn’t have an assignment and 2) any device you create whose access you set to Default Access. Select from the following options:

  • Enable: Enables read and write access.

  • Disable: Prevents read and write access. When users attempt to access files on the device, they receive an error message that the action has failed.

  • Read Only: Enables read access and disable write access. When users attempt to write to the device, they receive an error message that the action has failed.

  • Inherit: If the policy’s Inherit from Policy Hierarchy setting is enabled, inherits this setting from other Storage Device Control policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting is inherited from any Storage Device Control policies assigned to the user’s groups, folders, or zone.

34.3.2 Preferred Device List

The following table provides instructions for managing the Preferred Device list:

Task

Steps

Additional Details

Create a new device

  1. Click Add > Create New.

  2. Select the access you want assigned to the device:

    • Disable: Disable access.

    • Enable: Enable access.

    • Default Device Access: Give the device the access specified by the Default Device Access setting.

    • Read Only: Enable read access and disable write access. When users attempt to write to the device, they receive an error message from the operating system, or the application attempting to access the local storage device, that the action has failed.

  3. (Optional) Add a comment to further identify the device.

    The Comment field is not a match field. It is used only in ZENworks Control Center to identify the device.

  4. On the Recommended tab, fill in the fields you want to use as match criteria for the device.

  5. On the Advanced tab, fill in the fields you want to use as match criteria for the device.

  6. Click OK to add the device to the list.

The fields on the Recommended tab are typically sufficient to use for the match criteria. As a best practice, we recommend that you use the fewest number of fields needed to accurately match the device. The more fields you use, the more restrictive the definition becomes.

The Manufacturer, Product, and Friendly Name fields are substring match. For example, “San”, and “SanDisk” both match all SanDisk devices while “SanDisk Cruzer” and “Cruzer” match all SanDisk Cruzer devices but excludes all other SanDisk devices.

The Serial Number, Vendor ID, and Product ID fields are exact match. Be aware that not all devices have unique serial numbers. To guarantee a unique match based on a serial number, use the Vendor ID and Product ID fields as well.

The Recommended fields are not case sensitive.

The fields on the Advanced tab can be used to refine the match criteria in order to isolate very specific devices. Use of these fields can literally restrict a device definition so that it only matches a single device on a specific port on a specific computer.

All of the Advanced fields are exact match. They are not case sensitive.

Copy an existing device from another policy

  1. Click Add > Copy Existing.

  2. Select the USB Connectivity policies whose devices you want to copy.

  3. Click OK.

All devices included in the other Storage Device Control policies are copied. If necessary, you can edit the copied devices after they are added to the list.

Import a device from a policy export file

  1. Click Add > Import.

  2. In the Select Source of Data list, make sure that Existing Policy/Component is selected.

  3. In the Select the Exported File field, click to display the Select File dialog box.

  4. Click Browse, select the export file, then click Open.

  5. Click OK to add the devices to the list.

All devices included in the export file are imported. If necessary, you can edit the imported devices after they are added to the list.

For information about exporting devices, see Export a device.

Import a device from a Device Scanner file

  1. Click Add > Import.

  2. In the Select Source of Data list, select ZESM Device Scanner Tool.

  3. In the Select the Data File field, click to display the Select File dialog box.

  4. Click Browse, select the export file, then click Open.

  5. Click OK.

  6. Select the fields you want to import for each device in the data file.*

    The recommended fields are selected by default. As a best practice, we recommend that you import the fewest number of fields needed to accurately match the device. The more fields you use, the more restrictive the definition becomes.

  7. Click OK to import the devices.

* The Access field must be selected on import if you want the access setting that is defined in the Device Scanner file to map to the Preferred Device List Access setting. Read Only has no Device Scanner mapping and must be selected manually.

For information on how Access settings map, see Access Import Mapping (Preferred Device).

For information about using the Device Scanner to collect data about USB devices, see Device Scanner in the ZENworks 11 SP4 Endpoint Security Utilities Reference.

Enable or disable a device

  1. Locate the device in the list

  2. In the Enabled column, select the check box to enable the device.

    or

    Deselect the check box to disable the device.

When you add a device, it is enabled by default. You can disable a device to save it in the policy but no longer have it applied.

Edit a device

  1. Click the device name.

  2. Modify the fields as desired.

  3. Click OK.

 

Rename an device

  1. Select the check box next to the device name, then click Edit > Rename.

  2. Modify the name as desired.

  3. Click OK.

 

Export a device

  1. Select the check box next to the device name.

    You can select multiple devices to export.

  2. Click Edit > Export.

  3. Save the file.

    The default name given to the file is sharedComponents.xml. You can change the name if desired. Do not change the .xml extension.

 

Delete a device

  1. Select the check box next to the device name, then click Delete.

  2. Click OK to confirm deletion of the device.

 

Access Import Mapping (Preferred Device)

Device Scanner Access Setting

Preferred Device List Access Setting

Allow

Enable

Block

Disable

Always Allow

Enable

Always Block

Disable

Default Access

Default Device Access

No mapping

Read Only