4.1 Reasons to Modify Device Data

There a many reasons why you might need to modify your device data, including the following:

  • Create a generic device entry: When a device is added to a security policy, it serves as a filter against which detected devices are compared. The device data, or fields, make up the filter. If a detected device matches the policy’s device filter, the device is either enabled or disabled according to the policy setting.

    The more generic a device filter is, the more devices can match it. In most cases, a combination of the following required fields is sufficient to provide accurate matches for a device:

    • Manufacturer

    • Product

    • Friendly Name

    • Serial Number

    • Vendor ID

    • Product ID

    The more fields that you include in a device filter, the more you limit the number of matches for that device. If you include all of the fields for a scanned device, you can literally restrict the matches to the specific USB port on the computer where the device was scanned.

  • Add a name, access level, and enforcement level: ZENworks security policies require a name to be assigned to the device. You can add a name, or let ZENworks Control Center provide a name during the import. For the USB Connectivity and Data Encryption policies, the default format provided by the ZENworks Control Center import is USBDevice-dd-mm-yyyy hh-mm-ss-x , where x is a sequentially incremented number for each device imported during a single second. For the Storage Device Control policy, the default format provided by the ZENworks Control Center import is Storage_Device-dd-mm-yyyy hh-mm-ss-x

    The USB Devices default access level upon import for USB Connectivity and Storage Device Control policies is Default Access. You can change the levels as needed. The Data Encryption policy does not use an enforcement level, so access level is ignored. Access mapping upon import, from a Device Scanner file to a USB Connectivity policy or a Storage Device Control policy, is defined below:

    Device Scanner Setting

    USB Device and Preferred Device Setting

    Allow

    Enable

    Block

    Disable

    Always Allow

    Enable

    Default Access

    Default Device Access

    No mapping

    Read Only *

    * Preferred Device Access setting on a Storage Device Control policy only.

  • Add a device entry: If you need to add a device that is not available to scan, you can manually add the device data.