Defining Rules for Devices
Use the following steps to define a Content-Aware Rule for devices:
1. If using the DeviceLock Management Console, do the following:
a) Open DeviceLock Management Console and connect it to the computer running DeviceLock Service.
b) In the console tree, expand DeviceLock Service.
If using the DeviceLock Service Settings Editor, do the following:
a) Open DeviceLock Service Settings Editor.
b) In the console tree, expand DeviceLock Service.
If using the DeviceLock Group Policy Manager, do the following:
a) Open Group Policy Object Editor.
b) In the console tree, expand Computer Configuration, and then expand DeviceLock.
2. Expand the Devices node.
3. Under the Devices node, do one of the following:
Right-click Content-Aware Rules, and then click Manage.
- OR -
Select Content-Aware Rules, and then click Manage on the toolbar.
The dialog box for managing Content-Aware Rules appears.
4. In the lower-left pane of the dialog box that appears, under Users, click Add.
The Select Users or Groups dialog box appears.
5. In the Select Users or Groups dialog box, in the Enter the object names to select box, type the names of the users or groups for which to define the rule, and then click OK.
The users and groups added are displayed under Users in the lower-left pane of the dialog box for managing content-aware rules.
To delete a user or group, in the lower-left pane of the dialog box for managing rules, under Users, select the user or group, and then click Delete or press the DELETE key.
6. In the lower-left pane of the dialog box for managing rules, under Users, select the users or groups for which the rule should apply.
You can select multiple users or groups by holding down the SHIFT key or the CTRL key while clicking them.
7. In the upper pane of the dialog box for managing rules, under Content Database, select the desired content group, and then click Add, or double-click the desired content group.
 
Note: Only one content group can be specified for a Content-Aware Rule.
The Add Rule dialog box appears.
8. In the Add Rule dialog box, in the Name box, type the name of the Content-Aware Rule.
By default, the rule has the same name as its content group. The name of the rule can be changed if needed.
To view this rule’s content group, click the View Group button in the bottom left corner of the dialog box. The console displays the properties of the group in a separate dialog box, allowing property values to be viewed but not modified.
9. Under Applies to, specify the type of operation associated with the rule. The available options are:
Permissions - Specifies that the rule will apply to access control operations.
Shadowing - Specifies that the rule will apply to shadow copy operations.
Detection - Specifies that the rule will detect specified content in transferred data, log detection events, and send alerts to the administrator if the appropriate flags have been set.
Permissions, Shadowing - Specifies that the rule will apply to both access control and shadow copy operations.
Permissions, Detection - Specifies that the rule will apply to both access control and detection operations.
Shadowing, Detection - Specifies that the rule will apply to both shadow copy and detection operations.
Permissions, Shadowing, Detection - Specifies that the rule will apply to both access control and shadow copy operations, as well as to detection operations.
 
Note: To successfully create/save a rule that applies either to detection operations only or to detection operations combined with other operations, at least one of the following options must be selected for this rule: Log Event, Send Alert or Shadow Copy (see step 10 of this procedure). Otherwise, the rule cannot be saved and the following message appears: “Log Event, Send Alert or Shadow Copy should be specified.”
10. Under If this rule triggers, specify the following additional actions to be performed when the rule triggers:
Send Alert - Specifies that an alert is sent whenever the rule triggers.
Log Event - Specifies that an event is logged in the Audit Log whenever the rule triggers.
Shadow Copy - Specifies that a shadow copy of data is created whenever the rule triggers.
When alerts, audit and/or shadowing are enabled or disabled in a Content-Aware Rule, the rule setting takes precedence over the respective setting for the device type.
Example: If audit is enabled for a particular device type and disabled in a rule for that device type, the triggering of the rule does not cause audit events. If audit is enabled in the rule, then the triggering of the rule causes audit events, even if audit is disabled at the device-type level.
The rule can also inherit the alert, audit and/or shadowing setting from the device-type level. This is the default option, represented by the indeterminate state of the check boxes (neither checked nor cleared). The state of each check box can be changed individually.
Example: When a rule inherits the audit setting from the device-type level, the triggering of the rule causes audit events only if audit is enabled for the device type controlled by that rule.
11. Under Device Type(s), select the appropriate device type(s) for this rule to be applied to.
Content-Aware Rules can be applied to the following device types: Clipboard, Floppy, iPhone, MTP, Optical Drive, Palm, Printer, Removable, TS Devices, and Windows Mobile.
Under Action(s), if you select multiple device types that have different sets of configurable access rights, the dialog box displays the superset of access rights for the selection: the rights common to all selected device types as well as the rights that apply to only some of them. A displayed access right that one or more of the selected device types do not support cannot be applied to those types; its setting applies only to the device types that support it.
12. Under Action(s), specify which user actions are allowed or disallowed on files, which user actions are logged to the Shadow Log, and in which cases content detection occurs.
If the rule applies to shadow copy operations combined with other operations, the Read user right becomes unavailable. If the rule applies to detection operations combined with other operations, only the “Allow” action becomes available. For detailed information on user rights and actions that can be specified in Content-Aware Rules, see Access Control, Content-Aware Shadowing and Content-Aware Detection for devices.
13. Click OK.
The rule created is displayed under Rules in the lower-right pane of the dialog box for managing content-aware rules.
14. Click OK or Apply to apply the rule.
The users or groups to which device-related Content-Aware Rules apply are displayed under Devices > Content-Aware Rules in the console tree. When you select a user or group to which a Content-Aware Rule applies, the details pane shows detailed information about that rule (see List of Content-Aware Rules for Devices).
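
The following is an added example, not part of the DeviceLock documentation or product: a small Python model of the flag semantics from the note in step 9 and the precedence rules in step 10, used to review a planned rule set for triggers that would leave no audit trail. The rule names, dictionary layout and function names are hypothetical, the data is constructed, and treating an inherited (indeterminate) check box as "not selected" for the step 9 note is an assumption.

```python
# Added example: models the flag semantics from steps 9 and 10 of this page.
# It does not read DeviceLock settings; all data below is constructed.
ACTIONS = ("alert", "audit", "shadow")  # Send Alert, Log Event, Shadow Copy

def effective(rule_flags, device_flags):
    """True/False in the rule overrides the device type; None inherits it."""
    return {a: device_flags[a] if rule_flags.get(a) is None else rule_flags[a]
            for a in ACTIONS}

def review(rule, device_settings):
    """Return (rule, device type, finding) tuples for one rule."""
    out = []
    # Step 9 note. Assumption: an inherited (None) flag does not count as selected.
    if "Detection" in rule["applies_to"] and not any(
            rule["flags"].get(a) is True for a in ACTIONS):
        out.append((rule["name"], "*", "detection rule with no action selected"))
    for dev in rule["device_types"]:
        eff = effective(rule["flags"], device_settings[dev])
        if device_settings[dev]["audit"] and not eff["audit"]:
            out.append((rule["name"], dev, "rule turns off device-type audit"))
        elif not eff["audit"]:
            out.append((rule["name"], dev, "trigger leaves no audit event"))
    return out

# Constructed device-type settings and rules (hypothetical names).
DEVICE_SETTINGS = {
    "Removable": {"alert": False, "audit": True, "shadow": False},
    "Printer":   {"alert": False, "audit": False, "shadow": False},
}
RULES = [
    {"name": "Card numbers", "applies_to": {"Permissions"},
     "device_types": ["Removable", "Printer"],
     "flags": {"alert": None, "audit": False, "shadow": None}},
    {"name": "Source code", "applies_to": {"Permissions", "Detection"},
     "device_types": ["Removable", "Printer"],
     "flags": {"alert": None, "audit": None, "shadow": None}},
    {"name": "Contracts", "applies_to": {"Detection"},
     "device_types": ["Printer"],
     "flags": {"alert": True, "audit": True, "shadow": None}},
]

def review_all():
    return [f for r in RULES for f in review(r, DEVICE_SETTINGS)]

if __name__ == "__main__":
    for finding in review_all():
        print(*finding, sep=" | ")
```

The first rule shows the case from the step 10 example: audit is enabled for Removable but explicitly cleared in the rule, so a trigger on that device type produces no audit event.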