USB Devices White List Dialog Box
To define the online (regular) white list, select Manage from the shortcut menu available with a right mouse click. Alternatively, you can click the appropriate button on the toolbar.
In the USB Devices Database list at the top of the dialog box, you can see devices that were added to the database.
Once devices are added from the database to the white list of a certain user, they become authorized devices for which access control is disabled when this user is logged in.
You can add a device to the USB Devices White List in two steps:
1. Select a user or user group for which this device should be allowed. Click Add under the Users list to add the user/group. To delete the record from the Users list, click Delete.
2. Select the appropriate device record in the USB Devices Database list and click Add.
If the device has an assigned serial number, it can be added to the white list two times: as Device Type and as Unique Device. In this case Device Type has a priority over Unique Device.
When the Control as Type check box is selected, access control for white listed devices is disabled only on the interface (USB) level. If the white listed device (for example, USB Flash Drive) belongs to both levels: interface (USB) and type (Removable), the permissions as well as audit, shadowing and alert settings (if any) specified at the type level will be applied anyway.
Otherwise, if the Control as Type check box is not selected, access control at the type level is also disabled. For example, by clearing the Control as Type check box for a USB flash drive you disable the checking of access permissions on that drive that are specified for the Removable device type.
Note: When adding a USB composite device (one represented in the system as a parent device and one or more child devices) to the USB Devices White List, consider the following: •If any device of a USB composite device is in the white list, access control is disabled for all devices of the composite device at the interface (USB port) level. In this case, if the white-listed device belongs to both levels: interface (USB) and type (for example, Removable), and the Control as Type check box is selected, the permissions (if any) specified at the type level will be applied anyway. |
When the Read-only check box is selected, only read access is granted to the white listed storage device. If this device doesn’t support read-only access then access to this device is blocked.
Select the Allow Audit & Shadowing as Type check box to enable auditing, shadowing and alerting for a white-listed device at the type level according to the settings defined in Auditing, Shadowing & Alerts, for all device types this device belongs to.
Select the Reinitialize check box to force the white-listed device to reinitialize (replug) when a new user logs in. Some USB devices (such as the mouse) cannot work without reinitializing, so it is recommended to select this check box for non-storage devices. It is also advisable to clear this check box for data storage devices (flash drives, optical drives, external hard drives, etc.).
Important: DeviceLock Service cannot reinitialize USB devices whose drivers do not provide for software replug of device. If there is no access to such a device from the white list, the user should remove the device from the USB port and then insert it back to restart the driver. |
To edit a device’s description, select the appropriate record in USB Devices White List and click Edit.
Note: By default, the console checks the uniqueness of each USB device description, prompting to change the description if needed. You can opt out of this check by adding the following registry value on the computer running the console: •Key: HKEY_CURRENT_USER\Software\SmartLine Vision\DLManager\Manager •Value: DisableWLNameUniquenessCheck=dword:00000001 |
Click Delete to delete a selected device’s record (use CTRL and/or SHIFT to select several records simultaneously).
To save the white list to an external file, click Save, and then select the name of the file. To load a previously saved white list, click Load and select a file that contains the list of devices.
If you need to manage the devices database (see
USB Devices Database), you can click
USB Devices Database and open the respective dialog box.
Note: If you add an iPhone device to the USB Devices White List, access control is disabled for both the iPhone and its camera at the interface (USB port) level. Thus, you cannot allow access to iPhone and deny access to its camera at the interface (USP port) level. In the USB devices database, an iPhone device is identified as the Apple Mobile Device USB Driver. However, it is possible to allow access to iPhone’s camera and deny access to iPhone. To do this, you can use any of the following methods: •Method 1. To allow access to iPhone’s camera, add the iPhone to the USB Devices White List and select the Control as Type check box. To deny access to iPhone, set the “No Access” permission for the iPhone device type. •Method 2. To allow access to iPhone’s camera, clear the Access control for USB scanners and still image devices check box in Security Settings. To deny access to iPhone, set the “No Access” permission for the USB port device type. |
