Video Solution for How to Configure USB Port Security with Desktop Authority
1. Under the Client Configuration, first select Profiles and then the User tab. With the profile expanded, scroll down and select the USB/Port Security object.
2. Begin by clicking “Add”. This will create a new element. The option to edit Settings tab will now be available.
3. In the Settings tab, there is an Install and Remove button. The Install button will install the client machine with USB/Port Security agent that will allow or deny access to the client USB ports. The Remove button will uninstall all USB/Port Security files on the client machine.
Below are two options, Show Desktop Task Bar Icon and Show Balloons on Desktop. Both are checked by default.
4. In the lower left section, custom permission sets can be created. The Default permission should be left unchanged as it serves as a base model to build upon. Modifying this permission set may block devices whether the user runs slogic or not. Leaving the Default permission set to allow all devices will allow devices to be usable to users not listed in the Permission set. To create a new permission set, click the “Add” button above Permission Set. A new permission set is listed and can be renamed. By default, only 10 items per page are listed. This number may be increased to view more settings per page or select the arrows on the left to navigate to the next page.
5. In the lower right section of the Settings tab, users or groups can be added to the permission sets.
6. When configuring the permissions is complete, click on the “Confirm” button to save and complete creating the permission set. To change permissions, select the permission set and select “Edit”. Press “Confirm” when finished.
7. The Logging tab provides Data Collection options for USB/Port Security. Before data can be collected, the Data Collection element must be enabled in the Computer Profile. Under Client Configuration, select Profiles | Computer, expand the profile and navigate to the Data Collection object. Click the “Add” button to create a new element. In the settings tab, the “Collect client hardware information” and the “Collect USB/Port Security information” check box must be selected. Click “Save” to complete creation on element.
8. In the USB Device Exceptions, specific devices can be allowed or denied based on its VID and PID. To add an exception, click the “Add” button. Select the action to Deny or Allow, and enter information regarding the device. Click Confirm when you are finished. Device exceptions can be backed up by selecting the “Export” option and choosing the allowed or denied device exceptions to be exported to a CSV file. To import the CSV file, click the Import button and select allowed or denied devices. Browse to the location of the CSV file. To look up the VID and PID of a device, go to the Device Manager. Locate the device in the list of components. Right-click on it and choose Properties. From the Properties dialog, select the Details tab. The VID and PID can be found in the Device Instance Id.
9. Select the Administrative Override tab to configure a password for the ability to temporarily override restricted device settings on the client computer. The “Enable override” box must be selected to see the Disable Restrictions option on the client workstations. This may be done on the client machine by right clicking the USB/Port Security icon in the system tray and select Disable Restrictions from the popup menu. Override dialog box will appear asking for administrator password. Enter password and press OK. A balloon will appear from the system tray informing that restrictions have been temporarily disabled. From this popup menu, the permissions that have been applied to the client machine can be viewed by selecting See My Permissions.
10. Select the Validation Logic tab to set the validation rules to client machines for this element.
11. Select the Notes tab to provide information regarding this element.