The following instructions assume that you are on the Section 9.0, Creating Security Policies) or that you are on the page for an existing Communication Hardware policy (see Section 13.0, Editing a Policy’s Details).
page in the Create New Communication Hardware Policy Wizard (seeThe Communication Hardware policy controls access for communication hardware, including being able to completely disable a hardware type (Bluetooth, wired, wireless, and so forth) or limit a hardware type to specific adapters.
Watch a video that demonstrates how to create a Communication Hardware policy. |
This panel lets you control which communication hardware is enabled on a device.
The General Settings let you configure the access for the following communication hardware:
1394 (FireWire): Controls the IEEE 1394 bus.
IrDA: Controls the infrared access port.
Bluetooth: Controls Bluetooth access if the device is using the Widcomm Bluetooth Stack software driver to provide the access. Other Bluetooth drivers are not supported.
Serial: Controls the serial communication ports.
Parallel: Controls the parallel communication ports.
Dialup: Controls the dialup adapters (modems).
Wired: Controls the wired network adapters.
Wi-Fi: Controls the Wi-Fi network adapters.
Choose from the following options to configure the communication hardware access. Not all of the options are available for each hardware type.
Disable: Disables access for the hardware.
Inherit: Inherits this setting from other Communication Hardware policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting is inherited from any Communication Hardware policies assigned to the user’s groups, folders, or zone.
Disable Modems When Wired: Disable dialup (modem) access if a wired connection is enabled.
Disable Wi-Fi When Wired: Disable Wi-Fi access if a wired connection is enabled.
By default, if you allow access for dialup, wired, or wireless hardware, all adapters are allowed. If you want to allow only specific adapters, you can add the adapters to the appropriate Approved Adapters lists (wired, Wi-Fi, or dialup).
When you add an adapter to a list (
, , or ), only the adapters in the approved list are allowed. For example, if you add Adapter1 and Adapter2 to the Approved Wi-Fi Adapters list, those two adapters are the only Wi-fi adapters that are allowed communication access.The following table provides instructions for managing the approved adapter lists:
Task |
Steps |
---|---|
Add an adapter |
|
Modify an adapter’s settings |
|
Remove an adapter |
|
This panel lets you prevent a device’s network adapters from being bridged. Bridging, which enables the device to act as a hub for access to multiple network segments, can create a significant breach in your network security.
Select one of the following options:
Enable: Enables adapter bridging.
Disable: Disables adapter bridging.
Inherit: Inherits this setting from other Communication Hardware policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting is inherited from any Communication Hardware policies assigned to the user’s groups, folders, or zone.
This setting is available only if adapter bridging is disabled.
Select this option to display a message dialog box when adapter bridging is disabled and a user attempts to create a bridge. Use the
, , and fields to create the message you want displayed.