Managing Offline Permissions for Devices
For details on the Permissions feature, see
Permissions (Regular Profile).
Offline permissions can have one of the following states:
•Not Configured - No permission settings are specified for the device type.
•Configured - Different accounts are assigned different permissions for the device type.
•Full Access - All accounts have full access to the device type.
This state shows up, for example, when permissions are set only for the “Everyone” account so that it has full access to the device type.
•No Access - No accounts have access to the device type.
This state shows up, for example, when the “Everyone” account is explicitly denied any access to the device type, or permissions are not set for any accounts. Note that the denial for the “Everyone” account overrides all permissions for other accounts.
•Use Regular - Inheritance of offline permissions is blocked and regular permissions are enforced. Offline DeviceLock Service settings can have this state only in DeviceLock Service Settings Editor or DeviceLock Group Policy Manager.
The enforcement of regular permissions is helpful when using Group Policy or DeviceLock Service settings files (.dls) to deploy DeviceLock policies throughout the network as this kind of enforcement can be used to prevent offline permissions inherited from a higher level from being applied to a specific group of client computers at a lower level.
Managing offline permissions involves the following tasks: