The Storage Device Control settings determine access to external storage devices (CD/DVDs, removable storage devices, and floppy drives). You can allow read/write access, read-only access, or no access. When disabled (no access), users cannot retrieve any data from the storage device; however, the hard drive and all network drives remain accessible and operational.
Make sure the policy you want to configure is open in the Management Console (see Section 10.1, Accessing the Global Settings).
On the
tab, click .For
, , and , select one of the following options:Allow All Access: Read/write access is allowed.
Disable All Access: All access is prevented. When users attempt to access files on a defined storage device, they receive an error message from the operating system, or from the application attempting to access the local storage device, that the action has failed
Read-Only Access: Read-only access is allowed. When users attempt to write to the device, they receive an error message from the operating system, or from the application attempting to access the local storage device, that the action has failed
controls all devices listed under in Windows Device Manager. controls all devices listed under in Windows Device Manager. controls all devices listed under in Windows Device Manager.
To disable CD-ROM drives or floppy drives or set them as Read-Only, the endpoint device’s Local Security Settings must have both
and set as . By default, these settings are disabled. If you need to disable them or verify that they are disabled, open either the Active Directory group policy object or open on the target devices. Look in and verify that both settings are disabled.For
, select from the following options:Allow AutoPlay: Allows the AutoPlay feature, including AutoRun.
Block AutoPlay: Blocks the AutoPlay feature, including AutoRun.
Block AutoRun: Blocks the AutoRun feature so that autorun.inf instructions are not executed. Launching of applications for specific content (music, video and pictures) is allowed.
The Windows AutoPlay feature performs two processes. First, it launches the AutoRun process, which looks for an autorun.inf in the root directory and executes the instructions in the file. Second, it looks for specific content (music, video, and pictures) and launches the appropriate application to display or play the content.
If you want to restrict which removable storage devices are allowed, complete the following steps. Doing so creates a whitelist of devices that are allowed; any devices not included in the list are blocked.
In the
list, use one of the following methods to add the removable storage devices that you want to allow:Manually enter the device information. To do so, click a field (
, , ) and type the information.Only the
and fields are used when matching devices. The field is for your own information.The
field is a partial match field. If you want to match multiple devices, use this field. For example, to match all SanDisk USB drives, enter SanDisk.The
field is an exact match field. Serial numbers are unique to specific removable storage devices. If you want to match specific devices, use this field.Scan the device information. To do so, insert the device into a USB port on the Management Console’s machine, then click
.After the device information is scanned and displayed, you can edit the fields as necessary to create the device filter you want.
Import device information from a file. To do so, click ZENworks Endpoint Security Management 4.1 Device Scanner Guide.
, select the file, then click . For information about creating an import file, see theSelect the
setting.This overrides the
setting and activates the list.For the
setting, select one of the following access settings. All devices in the list receive this access:Allow All Access: The devices in the
list are permitted full read/write capability. All other Removable Storage devices are disabled.Read-Only Access: The devices on the
list are permitted read-only capability. All other Removable Storage devices are disabled.Click
to save your changes.