Media White List (Regular Profile)

DeviceLock Service : Managing DeviceLock Service for Windows : Media White List (Regular Profile)

The media white list allows you to uniquely identify a specific CD/DVD/BD-ROM disk by the data signature and authorize read access to it, even when DeviceLock Service has otherwise blocked optical drives.

In the console tree you can see a list of users and groups that have a media white list specified. Media in the white list can be specified individually for every user and group.

The shortcut menu of the media white list provides the following commands:

•Delete User - Deletes the user or group from the white list along with all media assigned to that user or group.

•Manage - Opens a dialog box where you can set or change the online (regular) white list.

•Manage Offline - Opens a dialog box where you can set or change the offline white list.

•Load - Loads a previously saved regular white list from an external file.

•Load Offline - Loads a previously saved offline white list from an external file.

•Save - Saves the regular white list to an external file.

•Save Offline - Saves the offline white list to an external file.

•Undefine - Resets the entire regular white list to the unconfigured state. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.

•Undefine Offline - Resets the entire offline white list to the unconfigured state. If the offline white list is undefined, the regular white list is applied to offline client computers.

•Remove Offline - Blocks the inheritance of the offline white list and enforces the regular white list. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.

•Media Database - Opens a dialog box where you can add media to the Media Database, making them available for adding to the white list.

Note: You can define different online vs. offline Media White Lists for the same user or sets of users. The online Media White List (Regular Profile) applies to client computers that are working online. The offline Media White List (Offline Profile) applies to client computers that are working offline. By default, DeviceLock works in offline mode when the network cable is not connected to the client computer. For detailed information on DeviceLock offline policies, see DeviceLock Security Policies (Offline Profile). For information about how to define the offline Media White List, see Managing Offline Media White List.

The media white list can be configured to grant access to a collection of approved CD/DVD/BD-ROM disks by certain users and groups, so that only authorized users are able to use the approved information.

Any change to the content of the media will change the data signature, thus invalidating authorization. If the user copies the authorized media without any changes in the original content (byte-to-byte copy) then such a copy is accepted as the authorized media.

Two steps are required to authorize media:

1. Add the media to the database (see Media Database), making it available for adding to the white list.

2. Add the media to the white list for the specified user/group. In effect, this designates the media as authorized and allows it (read access) for this user/group at the type (Optical Drive) level.

Note: Access to white listed media can be granted only on the type (Optical Drive) level. If the CD/DVD/BD drive plugs into the port (USB or FireWire) and access to this port is denied, then access to the white listed media is denied too.