The Removable Storage access setting applies to all removable storage devices (RSDs). This includes FireWire devices, storage cards, USB devices, and any other devices reported as removable storage under Disk drives in Windows Device Manager.
The Preferred Device list applies only to USB devices. Select this option if you want to override the Removable Storage access setting for specific USB devices.
Each device you add to the Preferred Device list must include an access assignment. The Default Device Access setting is used as the default access assignment for 1) any device you import that doesn’t have an assignment and 2) any device you create whose access you set to Default Access. Select from the following options:
Enable: Enables read and write access.
Disable: Prevents read and write access. When users attempt to access files on the device, they receive an error message that the action has failed.
Read Only: Enables read access and disable write access. When users attempt to write to the device, they receive an error message that the action has failed.
Inherit: If the policy’s Inherit from Policy Hierarchy setting is enabled, inherits this setting from other Storage Device Control policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting is inherited from any Storage Device Control policies assigned to the user’s groups, folders, or zone.
The following table provides instructions for managing the Preferred Device list:
Task |
Steps |
Additional Details |
---|---|---|
Create a new device |
|
The fields on the Recommended tab are typically sufficient to use for the match criteria. As a best practice, we recommend that you use the fewest number of fields needed to accurately match the device. The more fields you use, the more restrictive the definition becomes. The Manufacturer, Product, and Friendly Name fields are substring match. For example, “San”, and “SanDisk” both match all SanDisk devices while “SanDisk Cruzer” and “Cruzer” match all SanDisk Cruzer devices but excludes all other SanDisk devices. The Serial Number, Vendor ID, and Product ID fields are exact match. Be aware that not all devices have unique serial numbers. To guarantee a unique match based on a serial number, use the Vendor ID and Product ID fields as well. The Recommended fields are not case sensitive. The fields on the Advanced tab can be used to refine the match criteria in order to isolate very specific devices. Use of these fields can literally restrict a device definition so that it only matches a single device on a specific port on a specific computer. All of the Advanced fields are exact match. They are not case sensitive. |
Copy an existing device from another policy |
|
All devices included in the other Storage Device Control policies are copied. If necessary, you can edit the copied devices after they are added to the list. |
Import a device from a policy export file |
|
All devices included in the export file are imported. If necessary, you can edit the imported devices after they are added to the list. For information about exporting devices, see Export a device. |
Import a device from a Device Scanner file |
|
* The Access field must be selected on import if you want the access setting that is defined in the Device Scanner file to map to the Preferred Device List Access setting. Read Only has no Device Scanner mapping and must be selected manually. For information on how Access settings map, see Access Import Mapping (Preferred Device). For information about using the Device Scanner to collect data about USB devices, see |
Enable or disable a device |
|
When you add a device, it is enabled by default. You can disable a device to save it in the policy but no longer have it applied. |
Edit a device |
|
|
Rename an device |
|
|
Export a device |
|
|
Delete a device |
|
|
Device Scanner Access Setting |
Preferred Device List Access Setting |
---|---|
Allow |
Enable |
Block |
Disable |
Always Allow |
Enable |
Always Block |
Disable |
Default Access |
Default Device Access |
No mapping |
Read Only |