Configuring device category access permissions

7 Customizing the default protection policy : 7.5 Configuring device category access permissions

7.5

Configuring device category access permissions

By default, no users and privileges are preconfigured in the protection policies that ship with GFI EndPointSecurity. This means that after deploying a default protection policy on a target computer, all users will be denied access to portable devices.

GFI EndPointSecurity allows you to assign access, read and write privileges (over supported portable devices) to any user and user group that is a member of the Active Directory (AD) or local users and groups schema. You can do this on a protection policy by policy basis.

To configure users and privileges for device categories in a protection policy:

1. Click on the Configuration tab

2. Click Protection Policies

3. From the left pane, select the protection policy to configure

4. Click on the Security sub-node

5. From the left pane, click Add new permission(s)

Screenshot 59 - Add permissions for device categories

6. Select the Device categories option and click Next to continue

Screenshot 60 - Select device categories

7. Select the device categories for which to configure permissions and click Next to continue

Screenshot 61 - Add users or groups

8. Click Add to specify the user(s)/group(s) which will have access to the device categories you specified

Screenshot 62 - Add permissions

9. Assign read/write privileges for each user/group you specified. Click Finish to finalize your settings.

10. Deploy the protection policy updates on to the computers included in the policy. From the left pane, right-click on the protection policy you configured and select Deployment ► Deploy agent(s).

NOTE: You can also use the keyboard shortcut CTRL + D to perform this step.