Is there any way to achieve our goal using Group Policy?Īs you said, instead of using allow rules for controlling the installation of devices, I would prefer to use deny rules for specific devices which are forbidden in your company, you could use group policy to prevent installation of devices that match those Prevent the "Block everything EXCEPT" method that we use currently. As I look at the description of the relevant policies, it appears that a Deny rule takes precedence over an Allow rule. I have been told that I can accomplish the same thing using group policy, but I'm not sure if that's correct. Because we have set the policy to allow devices matching that specific hardware ID, when a user plugs in one of our encrypted flash drives the device is installed and operates normally. Some users really do need flash drives though, so we issue encrypted flash drives SEP disables the device and prevents access to the drive. This is great for cases when a user brings in a flash drive from home and plugs it into their computer. If its hardware ID doesn't match one on the exception list, the device is disabled and the user sees a popup informing them of this. When a new USB device is plugged in to a computer, We then add to the policy's exception list the hardware ID of any device we wish to allow. In SEP, we have configured it to block all USB devices by class, except for those we explicitly allow. One feature of SEP that we would need to replace is Device Control Policies. We're currently using Symantec Endpoint Protection for antivirus and are considering a switch to System Center Endpoint Protection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |