USB Devices White List (Regular Profile)
The devices white list allows you to authorize only specific devices that will not be locked regardless of any other settings. The intention is to allow special devices but lock all other devices.
In the console tree you can see a list of users and groups that have a devices white list specified. Devices in the white list can be specified individually for every user and group. For more information on how the devices white list works, refer to the Managed Access Control section of this manual.
The shortcut menu of the devices white list provides the following commands:
Delete User - Deletes the user or group from the white list along with all devices assigned to that user or group.
Manage - Opens a dialog box where you can set or change the online (regular) white list.
Manage Offline - Opens a dialog box where you can set or change the offline white list.
Load - Loads a previously saved regular white list from an external file.
Load Offline - Loads a previously saved offline white list from an external file.
Save - Saves the regular white list to an external file.
Save Offline - Saves the offline white list to an external file.
Undefine - Resets the entire regular white list to the unconfigured state. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.
Undefine Offline - Resets the entire offline white list to the unconfigured state. If the offline white list is undefined, the regular white list is applied to offline client computers.
Remove Offline - Blocks the inheritance of the offline white list and enforces the regular white list. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.
USB Devices Database - Opens a dialog box where you can add devices to the USB Devices Database, making them available for adding to the white list.
 
Note: You can define different online vs. offline USB Devices White Lists for the same user or sets of users. The online USB Devices White List (Regular Profile) applies to client computers that are working online. The offline USB Devices White List (Offline Profile) applies to client computers that are working offline. By default, DeviceLock works in offline mode when the network cable is not connected to the client computer. For detailed information on DeviceLock offline policies, see DeviceLock Security Policies (Offline Profile). For information about how to define the offline USB Devices White List, see Managing Offline USB Devices White List.
There are two ways to identify devices in the white list:
Device Model - Represents all devices of the same model. Each device is identified by a combination of Vendor ID (VID) and Product ID (PID).
This combination of VID and PID identifies a device model, not an individual device unit. All devices of that model from that vendor are therefore recognized as the same authorized device.
Unique Device - Represents a unique device unit. Each device is identified by a combination of Vendor ID (VID), Product ID (PID) and Serial Number (SN).
Not all devices have serial numbers assigned. A device can be added to the white list as a Unique Device only if its manufacturer has assigned a serial number to it at the production stage.
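The following added example (not DeviceLock code and not part of the original manual) models the two entry types to show how much broader a Device Model entry is than a Unique Device entry. It assumes the Windows device instance ID format USB\VID_vvvv&PID_pppp\<instance> and the common Windows heuristic that an instance part containing "&" was generated by the OS because the device reported no serial number; all function names, IDs and serial numbers are constructed.

```python
import re
from typing import NamedTuple, Optional

# Assumed format of a Windows USB device instance ID:
#   USB\VID_vvvv&PID_pppp\<instance part>
_ID_RE = re.compile(r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})\\(.+)$", re.I)

class UsbDevice(NamedTuple):
    vid: str
    pid: str
    serial: Optional[str]  # None when the manufacturer assigned no serial

def parse_instance_id(instance_id: str) -> UsbDevice:
    m = _ID_RE.match(instance_id)
    if not m:
        raise ValueError(f"not a USB device instance ID: {instance_id!r}")
    vid, pid, inst = m.group(1).upper(), m.group(2).upper(), m.group(3)
    # Assumption (Windows heuristic): '&' in the instance part means the OS
    # generated it, i.e. the device itself has no serial number.
    return UsbDevice(vid, pid, None if "&" in inst else inst)

def can_be_unique_entry(dev: UsbDevice) -> bool:
    """Only a device with a manufacturer serial can be a Unique Device."""
    return dev.serial is not None

def is_authorized(dev: UsbDevice, white_list) -> bool:
    """Entries: (vid, pid, None) = Device Model; (vid, pid, sn) = Unique Device."""
    for vid, pid, serial in white_list:
        if (vid, pid) != (dev.vid, dev.pid):
            continue
        if serial is None:        # Device Model: matches every unit of the model
            return True
        if serial == dev.serial:  # Unique Device: matches this one unit only
            return True
    return False

# Constructed white list: one model-level entry, one unit-level entry.
WHITE_LIST = [("1234", "0001", None), ("ABCD", "0002", "SN0000000489")]

# Constructed instance IDs for illustration.
SAMPLES = [
    r"USB\VID_1234&PID_0001\UNITA0001",      # model entry: allowed
    r"USB\VID_1234&PID_0001\UNITB0002",      # different unit, still allowed
    r"USB\VID_ABCD&PID_0002\SN0000000489",   # the one authorized unit
    r"USB\VID_ABCD&PID_0002\SN0000000777",   # same model, other unit: denied
    r"USB\VID_ABCD&PID_0002\6&1A2B3C4D&0&2", # no serial: denied
]

if __name__ == "__main__":
    for s in SAMPLES:
        d = parse_instance_id(s)
        print(s, is_authorized(d, WHITE_LIST), can_be_unique_entry(d))
```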
Two steps are required to authorize a device:
1. Add the device to the devices database (see USB Devices Database), making it available for adding to the white list.
2. Add the device to the white list for the specified user/group. In effect, this designates the device as authorized and allows it for this user/group at the interface (USB) level.
 
Note: Users' attempts to access a white-listed device are not audited, whereas users' attempts to insert or remove a white-listed device are audited.