You can specify access settings for each of the device groups listed in the following table. Each group is defined by a specific base class code. When a device’s base class matches a group, the device receives the group’s access setting.
|
Device Group |
Base Class Code |
Examples |
|---|---|---|
|
Human Interface Device (HID) |
03h |
Mice, keyboards, game controllers |
|
Mass Storage Class |
08h |
Flash drives, external hard drives, personal digital assistants (PDAs), mobile phones, cameras, Windows portable devices (WPDs) |
|
Printing Class |
07h |
Printers |
|
Scanning/Imaging (PTP) |
06h |
Scanners, any device that uses the Picture Transfer Protocol |
Select one of the following access settings for each group:
Disable: Disable access for all devices that are members of the device group.
If there are individual devices in the group for which you want to enable access, you can enable them in the USB Device Access Settings. A device’s individual access setting overrides its group access setting.
For example, assume that your organization only supports SanDisk USB devices. You could disable the Mass Storage Class so that all removable storage devices are blocked and then use the USB Device Access Settings list to enable all SanDisk devices.
Enable: Enable access for all devices that are members of the device group.
If there are individual devices in the group for which you want to disable access, you can disable them in the USB Device Access Settings. A device’s individual access setting overrides its group access setting.
Default Device Access: Give the device group the access specified by the Default Device Access setting.
Inherit: If the policy’s Inherit from Policy Hierarchy setting is enabled, inherit this setting from other USB Connectivity policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting is inherited from any USB Connectivity policies assigned to the user’s groups, folders, or zone.