Managing DeviceLock Service for Mac
DeviceLock Service for Mac can be managed via DeviceLock Management Console in much the same way as you manage DeviceLock Service for Windows (see
Managing DeviceLock Service for Windows).
Note: To allow remote management via DeviceLock management consoles using local user credentials for machine where DeviceLock Service for Mac was installed, the Share File and Folders using SMB (Windows) system option must be enabled for these local users or the NTLM hashes must be enabled for these accounts. For more information on this, see
Enabling NTLM authentication for local users on Mac OS X. |
In comparison to DeviceLock Service for Windows, DeviceLock Service for Mac supports only these settings and parameters:
Service Options
•DeviceLock Administrators (unsupported parameters: Enable Unhook Protection, Prevent Changes in System Configuration Files, Use Strong Integrity Check)
•DeviceLock Enterprise Server(s)
•DeviceLock Certificate
•Use Group/Server Policy
•Fast servers first
•Offline mode detection
•Override Local Policy
•Log policy changes and Start/Stop events
Service Options > Auditing & Shadowing
•Transfer shadow data to server
Service Options > Encryption
•Mac OS X FileVault
Devices
•Bluetooth (Permissions, Audit)
•FireWire port (Permissions, Audit)
•Hard disk (Permissions, Audit)
•Optical Drive (Permissions, Audit)
•Removable (Permissions, Audit, Shadowing)
•Serial port (Permissions, Audit)
•USB port (Permissions, Audit)
•WiFi (Permissions, Audit)
•USB White List (the only flag supported is Control as type)
•Media White List
Note: Bluetooth permissions are not applied to Bluetooth HID devices, so access to the devices is always allowed to prevent wireless HID devices (mice and keyboards) from being disabled on iMac and Mac Pro hardware. |
Security Settings
•Access control for USB HID
•Access control for USB Bluetooth adapters
•Access control for USB and FireWire network cards
•Access control for USB storage devices
•Access control for FireWire storage devices