# Frequently Asked Questions (FAQ)

*Last Updated On: 14 May 2026*

## General

### What is the critical distinction between Device Control Plus and other DLP solutions?

There are a plethora of vulnerabilities that can be fixed by a software patch. But, in order to address cyber attacks due to removable media it is highly important to secure your endpoints from the port level. Device Control Plus allows you control, block and monitor the devices that connect to your endpoints.

### Can I install Device Control Plus agents using SCCM?

Yes, Device Control Plus agents can be installed in endpoints by creating and deploying a package via SCCM. For detailed steps, refer [here](https://www.manageengine.com/device-control/how-to/sccm-agent-installation.html).

### How to completely disable the Temporary Access Portal?

In the server console, navigate to **Agent → Agent settings → Agent Tray Icon** and uncheck the **"Show Temporary Access Portal"** option.

### What is the purpose of adding a custom name to a trusted device?

Adding a custom name to a trusted device helps in easily identifying and managing the device within the console. This is particularly useful in environments with multiple devices, allowing administrators to quickly recognize and differentiate between them.

## Policy Deployment

### Is it possible to disable the Auto-Play feature?

Yes, you can disable auto-play under the device access control settings. It is recommended to disable it when you are creating a policy to allow a particular device type so as to prevent automatic file launching when a device is connected.

### What is the difference between associated policy and applied policy?

Policies that are created and mapped to a computer but have not been deployed yet are called associated policies. While, policies that have been deployed successfully to the computers are called applied policies.

### How to stay current with Device Control Plus?

Device Control Plus works on set and forget policy and hence you do not have to worry about updating it frequently. Once you have created the policies to control the devices, all you have to do is just monitor your computers.

### Can I control device write options by file type?

Device Control Plus will allow you to control the type of files and the size of files that can be transferred from your computer to a connected USB or peripheral device.

### Can I grant access permissions to devices that are outside my network?

Yes, you can grant temporary access to devices both inside and outside your network. Permissions can be assigned to target machines based on system type, such as laptops and desktops. Additionally, you can create custom groups using system type as a criterion for more tailored access management.

### In a scenario with multiple policies containing file access settings deployed to an endpoint, which policy takes precedence?

When an endpoint is included in multiple policies, the policies with **Allow access** will take precedence.

The order of priority when multiple file access settings policies are deployed to an endpoint is as follows:

**Allow Temporary Access > Allow Trusted Device > Allow Device policy > Block Device**

### How to configure policies such that only BitLocker encrypted devices are allowed access?

Navigate to **Create Policy → Removable Storage Device → Advanced Settings**. Then click the option **Allow access only for BitLocker encrypted devices**.

### How to revoke a policy applied to an endpoint?

To revoke a policy, the endpoint should be excluded from the Custom Group. Thus, in the next refresh cycle (default interval - 90 mins) when the agent communicates with the server, the policy will be revoked for the specific endpoint.

### How does enabling the "Allow only BitLocker encrypted devices" option work?

If the Removable Storage Devices Allowed policy is deployed with the option **Allow only BitLocker encrypted devices** enabled, then Device Control uses WMI to verify the encryption status of connected removable drives. Only encrypted removable devices are allowed access.

### What if I block wireless devices?

When you **block wireless devices**, the managed computer(s) cannot access the **internet via Wi-Fi**. To **access the network**, the computer(s) with wireless block policy should be connected to the internet via **LAN**. To manage the computer(s) via Wi-Fi, the **wireless block policy should be revoked** from the said computer(s).

### How to configure policies to allow only BitLocker encrypted devices and selective unencrypted trusted devices?

Create two policies for the device type **Removable storage media**.

- One policy is for all devices which need not be encrypted; they should be added to a trusted devices list.
- Another policy should be for just allowed devices and in **Advanced settings**, the option for enabling access for only BitLocker encrypted devices should be selected.

Save and associate both policies to the same custom group.

### How do I deploy a policy to both Mac and Windows devices in my computer group?

![Deploy policy to Mac and Windows at same time](https://www.manageengine.com/products/desktop-central/help/images/dc-faq1.png)

Create separate policies for macOS and Windows devices and deploy them to the computer group together.

### What will happen if two conflicting policies are applied to the same computer?

When two policies conflict, the "Allow" option is always given priority.

### What devices are classified as Windows portable devices?

Windows portable devices include cameras, mobile phones, and media players.

### Does blocking the SCSI port also block internal hard disks?

- **Operating System (OS) Protection:** If the internal hard disk is the designated OS Drive, the system will automatically skip it to prevent a system crash. The drive will remain functional even if the SCSI port block is active.
- **Secondary Internal Drives:** If you have additional internal hard disks that do not contain the OS, they will be blocked by default under this policy.
- To keep additional internal hard disks active while still blocking the SCSI ports for other devices, you must add those specific drives to the Trusted Devices List.

## Compatibility

### What versions of Windows does Device Control support?

Device Control in Device Control Plus supports Windows 7, Windows 8, Windows 8.1, Windows 10, and Windows 11.

### What platforms does Device Control Plus support?

Device Control Plus supports computers running on Windows and Mac operating systems.

## Audits and Reports

### How to get the reports of audit log for blocked devices?

The audit log for blocked devices will be available in a report called **Unauthorized Devices** which can be accessed from under the **Reports** tab.

### How to get report for a specific file type that went out of the network?

Device Control Plus allows you to view all the files that are transferred in and out of your network. However, you can view file transfers based on file extensions and file extension groups on the dashboard which displays the top five extensions that were frequently transferred in and out of your computer.

### How to receive blocked device details immediately at server?

To receive blocked device details at server, you have to configure the Device audit settings wherein, you can specify the email IDs at which you want to receive the details. You may also enable or disable receiving reports for each and every policy based on your preference.

### When can I view the complete device and file activities log?

The complete device and file activities list will be available in the reports section from anywhere after 6 to 24 hours of the action. However, you can receive the blocked device details immediately at server if you have configured the same.