1 Disabling Access to USB Mass Storage Devices




ZENworks 11 Endpoint Security Management - USB Device Control

January 20154

This document provides test scenarios that show you how to use ZENworks Endpoint Security Management to control users' access to USB mass storage devices.

1 Disabling Access to USB Mass Storage Devices

As the ZENworks administrator, you want to prohibit users from accessing USB mass storage devices on ZENworks managed devices. The following steps help you import a predefined USB Connectivity policy that disables USB mass storage devices and then assign the policy to devices.

1 Import the policy:

1a Copy the following files to a directory on the ZENworks Primary Server:

    USB-MassStorageClass-Disabled.xml
    policykey.txt

When you click a filename, the file will either be opened, saved, or you will be prompted to open or save it. You need to save the file. If it opens, click File > Save. If you downloaded the Endpoint Security Resource Kit, you can copy the files from the PolicyExamples directory.

1b On the Primary Server, open a command prompt, change to the directory where you copied the two files, then run the following command:

    zman epi "USB - Mass Storage Class Disabled" policykey.txt USB-MassStorageClass-Disabled.xml

1c When prompted, enter your ZENworks administrator username and password. The following message is displayed if the policy is successfully imported:

    Successfully created the object "USB - Mass Storage Class Disabled" in "/Policies".

2 In ZENworks Control Center, click Policies, then click the USB - Mass Storage Class Disabled policy to display its properties.

3 Click the Details tab. The policy is a global policy that enables USB device access. The USB Mass Storage Class option is set to Disable, which blocks access to USB mass storage devices. The access settings for the other device classes are inherited from other USB Connectivity policies assigned to the device or user.

4 Click the Relationships tab.

5 In the Device Assignments panel, add the devices to which you want to assign the policy. When prompted how to resolve policy conflicts, choose User Last.

6 Test the policy on one of the assigned devices:

6a On the device, right-click the ZENworks icon, then click Refresh to retrieve the new policy.

6b When the device finishes refreshing, double-click the ZENworks icon to display the ZENworks Adaptive Agent properties, then click Policies and make sure the USB - Mass Storage Class Disabled policy has been successfully applied.

6c Insert a USB device into the machine.

6d Open Windows Explorer and look for the USB device in the list of drives. The USB device should not be listed.

2 Enabling Users to Access Specific USB Mass Storage Devices

This scenario assumes that you have already applied a USB Connectivity policy that disables access to all USB mass storage devices on your ZENworks managed devices. If you have not, complete the Disabling Access to USB Mass Storage Devices scenario before continuing.

Your ZENworks administrators have a set of USB mass storage devices that you want to allow them to access, but they are being blocked by the device-assigned USB Connectivity policy. You want to override this restriction on your ZENworks administrators' machines in order to allow them to use their USB devices. To ensure that the USB devices are accessible only when a ZENworks administrator is logged in, you need to apply a user-assigned USB Connectivity policy that overrides the device-assigned policy already assigned to your machines.

The following steps help you 1) identify the attributes for the USB mass storage devices you want to allow, 2) import a predefined USB Connectivity policy that is preconfigured to allow specific USB mass storage devices, 3) modify the policy's list of allowed devices to include your devices, and then 4) assign the policy to your ZENworks administrators.

1 Use the ZENworks Device Scanner to discover the information for the USB devices you want to allow:

1a In ZENworks Control Center, download the Device Scanner tool. To do so, click Home > Download ZENworks Tools (under Common Tasks) to display the ZENworks Download page. Click Administrative Tools, then click the Endpoint Security tab. Click ZESMDeviceScannerUtilitySetup.exe to download the Device Scanner to your local machine.

1b Double-click ZESMDeviceScannerUtilitySetup.exe to install the Device Scanner.

1c Plug in the USB devices. If you need to scan more devices than you have USB ports, you can perform multiple scans.

1d Launch the Device Scanner (Start menu > All Programs > Novell > ZENworks > ZES Device Scanner > ZES Device Scanner).

1e Click Scan Devices to scan the USB devices.

1f If you have additional USB devices to scan, plug them in, then click Scan Devices again. When you are done scanning devices, each device should have an entry in the USB Devices list.

2 Import the policy:

2a Copy the following files to a directory on the ZENworks Primary Server:

    USB-MassStorageDevices-Enabled.xml
    policykey.txt

When you click a filename, the file will either be opened, saved, or you will be prompted to open or save it. You need to save the file. If it opens, click File > Save. If you downloaded the Endpoint Security Resource Kit, you can copy the files from the PolicyExamples directory.

2b On the Primary Server, open a command prompt, change to the directory where you copied the two files, then run the following command:

    zman epi "USB - Mass Storage Devices Enabled" policykey.txt USB-MassStorageDevices-Enabled.xml

2c When prompted, enter your ZENworks administrator username and password. The following message is displayed if the policy is successfully imported:

    Successfully created the object "USB - Mass Storage Devices Enabled" in "/Policies".

3 In ZENworks Control Center, click Policies, then click the USB - Mass Storage Devices Enabled policy to display its properties.

4 Click the Details tab. The policy is a global policy with all access settings inherited from other USB Connectivity policies assigned to the device or user. The USB Device Access Settings list includes one USB device, PNY USB 64 GB, that is specifically defined and assigned Always Enabled access. It is included as an example for you to use when adding your USB devices to the list.

5 To add a device to the list:

5a Click Add > Create New to display the Add USB Connectivity Controls dialog box.

5b In the Access field, select Always Enable.

5c In the Name field, provide a display name for the USB device.

5d Fill in the Product, Friendly Name, and Serial Number fields with the USB device information captured by the Device Scanner.

5e Click OK to add the device to the list.

6 Click the Relationships tab.

7 In the User Assignments panel, add the ZENworks administrators to whom you want to assign the policy.

8 Test the policy on one of the ZENworks administrators' devices:

8a On the device, make sure the ZENworks administrator is logged in.

8b Right-click the ZENworks icon, then click Refresh to retrieve the new policy.

8c When the device finishes refreshing, double-click the ZENworks icon to display the ZENworks Adaptive Agent properties, then click Policies and make sure the USB - Mass Storage Devices Enabled policy (in the User-Assigned Policies list) has been successfully applied.

8d Insert one of the allowed USB devices into the machine.

8e Open Windows Explorer and look for the USB device in the list of drives. The USB device should be listed because the user-assigned USB - Mass Storage Devices Enabled policy is explicitly enabling access to the device.

8f Insert a USB device that is not allowed.

8g Open Windows Explorer and look for the USB device in the list of drives. The USB drive should not be listed because the device-assigned USB - Mass Storage Class Disabled policy is disabling access to the device.
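
The Windows Explorer checks in step 6 of the first scenario and step 8 of the second can also be run from PowerShell on the managed device, which makes the result easy to record. The script below is an added example and is not part of the ZENworks documentation. The function name, the placeholder serial number, and the assumption that the Serial Number captured by the Device Scanner matches the last segment of the Windows PNPDeviceID are illustrative.

```powershell
# Added example (not from the ZENworks documentation).
# Lists USB disks Windows can see and flags any mounted volume whose serial
# number is not on the allow list. Run in PowerShell 3.0+ on the managed device.
param(
    # Placeholder serial; replace with the values captured by the Device Scanner.
    [string[]]$AllowedSerials = @('EXAMPLE-SERIAL-0001')
)

function Get-UsbStorageAccessReport {
    param([string[]]$AllowedSerials = @())

    $disks = Get-CimInstance -ClassName Win32_DiskDrive -Filter "InterfaceType='USB'"
    if (-not $disks) { Write-Host 'No USB disks are visible to Windows.'; return }

    foreach ($disk in $disks) {
        # Follow disk -> partition -> logical disk to find mounted drive letters.
        $letters = @(
            Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition |
                ForEach-Object {
                    Get-CimAssociatedInstance -InputObject $_ -ResultClassName Win32_LogicalDisk
                } |
                Select-Object -ExpandProperty DeviceID
        )

        # Assumption: the last PNPDeviceID segment is "<serial>&<n>", as is
        # usual for USBSTOR devices that report a serial number.
        $serial  = ($disk.PNPDeviceID -split '\\')[-1] -replace '&\d+$', ''
        $allowed = $AllowedSerials -contains $serial
        $mounted = $letters.Count -gt 0

        if ($mounted -and $allowed) { $result = 'OK: allowed device is accessible' }
        elseif ($mounted)           { $result = 'FAIL: non-allowed device is accessible' }
        elseif ($allowed)           { $result = 'CHECK: allowed device has no drive letter' }
        else                        { $result = 'OK: device is blocked' }

        [pscustomobject]@{
            Model        = $disk.Model
            Serial       = $serial
            DriveLetters = $letters -join ','
            Allowed      = $allowed
            Result       = $result
        }
    }
}

Get-UsbStorageAccessReport -AllowedSerials $AllowedSerials | Format-Table -AutoSize
```

A blocked device may not be enumerated as a disk at all, so a non-allowed device that produces no row is also consistent with the policy being applied.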