Securing USB Devices

The Secure USB configuration lets you block or unblock the use of USB devices for both users and computers.

Using this configuration, you can block or unblock the following devices:

You can also exclude devices using the Device Instance ID assigned to each device.

Applying Secure USB Settings to Computers and Users

When you apply the Secure USB configuration to both computers and users, the settings made for computers will be applied before the settings made for users. For example, assume that you have made the following settings:

The following actions will take place:

Creating Configurations to Secure USB Devices

As an administrator, you can create a configuration to block or unblock specific USB devices. You can also exclude specific devices, if required.

To create a configuration to secure USB devices for users, follow the steps given below:

  1. Click the Configurations tab
  2. Click Configuration
  3. In the Computer Configurations section click Secure USB
  4. Enter a name and description for the configuration
  5. Select the devices to block or unblock
  6. Define the target
  7. Make the required execution settings
  8. Click Deploy

You have created configurations to secure USB devices. These configurations will be applied during system startup.


Excluding Devices

When you block a device type, you can exclude certain devices from being blocked by using the Device Instance ID assigned to each device.

Every USB device has a unique ID. This ID is assigned to devices by the system to identify them easily.

Identifying the Device Instance ID of a Device

To identify the Device Instance ID of a device, follow the steps given below:


Figure 1: Device Manager

In the list of devices, expand the category that contains the device whose Device Instance ID you want.

For example, if you want to identify the Device Instance ID of a mobile phone that you have connected to the computer, expand Portable Devices and follow the next step.

Figure 2: Properties


Figure 3: Device Instance ID


On computers running Windows Vista or later, the Device Instance ID is called the Device Instance Path. You can copy the Device Instance Path from the Properties property sheet of the Device Manager.
On computers running older versions of Windows, you cannot copy the Device Instance ID directly from the Properties property sheet of the Device Manager.
To copy the Device Instance ID, you must open the dcusbaccess log file. This file is located in <Drive>\<Desktopcentral_Agent Folder>\logs\dcusbaccess.log. It contains information about the following:

You can now view and copy the Device Instance ID for a specific device.


You can exclude devices only when you have blocked a device. To exclude devices, follow the steps given below:

  1. Click the Exclude Devices link against a device
  2. Enter the Device Instance ID for the device
  3. Click Close

You have excluded a device from being blocked.
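
Before entering an ID in the Exclude Devices dialog, it helps to check what the ID actually identifies. The PowerShell below is an added example, not part of the original page or of Desktop Central: the function name `ConvertFrom-DeviceInstanceId` is hypothetical, the sample IDs are constructed, and the "second character is `&`" test relies on the usual Windows convention for instance IDs generated when a device reports no serial number.

```powershell
# Added example, not ManageEngine code. All sample IDs below are constructed.
function ConvertFrom-DeviceInstanceId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('InstanceId')]
        [string]$DeviceInstanceId
    )
    process {
        # Layout: <enumerator>\<device ID>\<instance-specific ID>
        $parts = $DeviceInstanceId.Trim() -split '\\', 3
        if ($parts.Count -ne 3 -or $parts -contains '') {
            Write-Warning "Not a Device Instance ID: '$DeviceInstanceId'"
            return
        }
        $vendorId = $null; $productId = $null
        if ($parts[1] -match '^VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
            $vendorId = $Matches[1].ToUpper(); $productId = $Matches[2].ToUpper()
        }
        [pscustomobject]@{
            Enumerator      = $parts[0]
            VendorId        = $vendorId
            ProductId       = $productId
            InstanceId      = $parts[2]
            # '&' as the second character marks an ID Windows generated because the
            # device reported no serial number; it can change with the USB port.
            SystemGenerated = $parts[2] -match '^.&'
        }
    }
}

$samples = @(
    'USB\VID_1234&PID_ABCD\0123456789AB',                          # serial-based ID
    'USB\VID_1234&PID_ABCD\6&1a2b3c4d&0&2',                        # system-generated ID
    'USBSTOR\Disk&Ven_Example&Prod_Drive&Rev_1.00\0123456789AB&0', # storage node
    'not-an-id'                                                    # rejected with a warning
)
$samples | ConvertFrom-DeviceInstanceId | Format-Table -AutoSize

# On a live machine (Windows 8 / Server 2012 or later, where Get-PnpDevice exists):
# Get-PnpDevice -PresentOnly | Where-Object InstanceId -like 'USB*' | ConvertFrom-DeviceInstanceId
```

An ID flagged `SystemGenerated` identifies the device only on the port where it was recorded, so confirm it against the device as it will actually be connected before adding it as an exclusion.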

See also: Managing Configurations and Collections, Viewing Configuration Reports, Defining Targets, Securing USB for Users
Copyright © 2005-2014, ZOHO Corp. All Rights Reserved.
ManageEngine