Permissions (Regular Profile)

Note: When you set permissions for a device type, you set them for every device of that type. It is impossible to set different permissions for different devices if they are of the same type (such as removable drives). To define different permissions for USB devices even if they are of the same type, use the White List function (see USB Devices White List (Regular Profile)).

There are two levels of control: the interface (port) level and the type level. Some devices are checked at both levels, while others only at the one level - either interface (port) or type. For more information on how access control works, refer to the Managed Access Control section of this manual.

•BlackBerry (type level) - Includes all BlackBerry devices with any type of the connection interface (USB, Bluetooth) to the computer.

•Bluetooth (type level) - Includes all internal and external Bluetooth devices with any type of the connection interface (USB, PCMCIA, etc.) to the computer.

•Clipboard - Includes the Windows Clipboard. DeviceLock controls copy/paste operations for data placed on the clipboard.

Important: Right after the DeviceLock Service is installed, the user can copy and paste data between applications even if permissions are configured to deny access to the Clipboard. In this case, restart the computer for the Clipboard access settings to take effect.

•FireWire port (interface level) - Includes all devices that can be plugged into the FireWire (IEEE 1394) port, except the hub devices.

•Floppy (type level) - Includes all internal and external floppy drives with any connection interface (IDE, USB, PCMCIA, etc.). It is possible that some nonstandard floppy drives are recognized by Windows as removable devices, in this case DeviceLock treats such floppy drives as the Removable type as well.

•Hard disk (type level) - Includes all internal hard drives with any connection interface (IDE, SATA, SCSI, etc). DeviceLock treats all external USB, FireWire and PCMCIA hard drives as the Removable type. Also, DeviceLock treats as Removable some internal hard drives (usually SATA and SCSI) if they support the hot plug feature and Windows is not installed and running on them.

Note: Even if you deny access to the Hard disk type, users with local administrator rights (the SYSTEM user and members of the local Administrators group) still can access the disk partition where Windows is installed and running.

•Infrared port (interface level) - Includes all devices that can be connected to the computer via the infrared (IrDA) port.

•iPhone (type level) - Includes all iPhone, iPod Touch, and iPad devices. DeviceLock controls iPhone, iPod Touch, and iPad devices that are working with a PC through the iTunes application or its API.

•MTP (type level) - Includes all devices (such as Android smartphones, etc.) that are working with a PC through the Media Transfer Protocol. DeviceLock controls devices with any type of connection interface (USB, IP, Bluetooth) to the computer.

•Optical Drive (type level) - Includes all internal and external CD/DVD/BD devices (readers and writers) with any connection interface (IDE, SATA, USB, FireWire, PCMCIA, etc).

•Palm (type level) - Includes all Palm OS devices with any type of connection interface (USB, COM, IrDA, Bluetooth, WiFi) to the computer. DeviceLock controls Palm OS devices that are working with a PC through the HotSync application.

•Parallel port (interface level) - Includes all devices that can be connected to the computer via the parallel (LPT) ports.

•Printer (type level) - Includes all local and network printers with any type of connection interface (USB, LPT, Bluetooth, etc) to the computer. DeviceLock can even optionally control virtual printers which do not send documents to real devices, but instead print to files (for example, PDF converters).

•Removable (type level) - Includes all internal and external devices with any connection interface (USB, FireWire, PCMCIA, IDE, SATA, SCSI, etc) that are recognized by Windows as removable devices (for example, USB flash drives, ZIP drives, card readers, magneto-optical drives, and so on). DeviceLock treats all external USB, FireWire and PCMCIA hard drives as the Removable type as well. Also, DeviceLock treats as Removable some internal hard drives (usually SATA and SCSI) if they support the hot plug feature and Windows is not installed and running on them.

•Serial port (interface level) - Includes all devices that can be connected to the computer via the serial (COM) ports, including internal modems.

•Tape (type level) - Includes all internal and external tape drives with any connection interface (SCSI, USB, IDE, etc).

•TS Devices (interface level) - Includes mapped drives (all hard, removable and optical drives), serial ports, USB devices and the clipboard redirected from remote terminals to virtual application or desktop sessions, as well as to virtual desktops that run in the server host environment. DeviceLock controls device, port and terminal clipboard redirections via Microsoft RDP, Citrix ICA, VMware PCoIP, HTML5/WebSockets remoting protocols in Microsoft RDS, Citrix XenDesktop, Citrix XenApp, Citrix XenServer and VMware View virtualization environments.

In addition, for a guest Windows system that runs in VMware Workstation, VMware Player, Oracle VM VirtualBox or Windows Virtual PC virtualization solutions DeviceLock controls data copy operations between its Windows Clipboard and the clipboard of the host operating system.

•USB port (interface level) - Includes all devices that can be plugged into the USB port, except the hub devices.

•WiFi (type level) - Includes all internal and external WiFi devices with any type of connection interface (USB, PCMCIA, etc.) to the computer.

•Windows Mobile (type level) - Includes all Windows Mobile devices with any type of connection interface (USB, COM, IrDA, Bluetooth, WiFi) to the computer. DeviceLock controls Windows Mobile devices that are working with a PC through the Windows Mobile Device Center (WMDC) or Microsoft ActiveSync application or its API.