There a many reasons why you might need to modify your device data, including the following:
Create a generic device entry: When a device is added to a security policy, it serves as a filter against which detected devices are compared. The device data, or fields, make up the filter. If a detected device matches the policy’s device filter, the device is either enabled or disabled according to the policy setting.
The more generic a device filter is, the more devices can match it. In most cases, a combination of the following required fields is sufficient to provide accurate matches for a device:
Manufacturer
Product
Friendly Name
Serial Number
Vendor ID
Product ID
The more fields that you include in a device filter, the more you limit the number of matches for that device. If you include all of the fields for a scanned device, you can literally restrict the matches to the specific USB port on the computer where the device was scanned.
Add a name, access level, and enforcement level: ZENworks security policies require a name to be assigned to the device. You can add a name, or let ZENworks Control Center provide a name during the import. For the USB Connectivity and Data Encryption policies, the default format provided by the ZENworks Control Center import is USBDevice-dd-mm-yyyy hh-mm-ss-x , where x is a sequentially incremented number for each device imported during a single second. For the Storage Device Control policy, the default format provided by the ZENworks Control Center import is Storage_Device-dd-mm-yyyy hh-mm-ss-x
The USB Devices default access level upon import for USB Connectivity and Storage Device Control policies is Default Access. You can change the levels as needed. The Data Encryption policy does not use an enforcement level, so access level is ignored. Access mapping upon import, from a Device Scanner file to a USB Connectivity policy or a Storage Device Control policy, is defined below:
Device Scanner Setting |
USB Device and Preferred Device Setting |
---|---|
Allow |
Enable |
Block |
Disable |
Always Allow |
Enable |
Default Access |
Default Device Access |
No mapping |
Read Only * |
* Preferred Device Access setting on a Storage Device Control policy only.
Add a device entry: If you need to add a device that is not available to scan, you can manually add the device data.