Reference Guide
Manage Policies
174
Port Control System policies.
All PCS policies require a reboot before the policy takes effect.
Port: Express Card
Slot
Enabled Enable, Disable, or Bypass ports exposed through the Express Card Slot.
Port: USB Enabled
Enable, Disable, or Bypass port access to external USB ports.
Note: USB port-level blocking and HID class-level blocking is only honored
if we can identify the computer chassis as a laptop/notebook form-factor.
We rely on the computer's BIOS for the identification of the chassis.
Port: eSATA
Enabled
Enable, Disable, or Bypass port access to external SATA ports.
Port: PCMCIA
Enabled
Enable, Disable, or Bypass port access to PCMCIA ports.
Port: Firewire
(1394)
Enabled Enable, Disable, or Bypass port access to external Firewire (1394) ports.
Port: SD
Enabled
Enable, Disable, or Bypass port access to SD card ports.
Port: Memory
Transfer Device
(MTD)
Enabled Enable, Disable, or Bypass access to Memory Transfer Device (MTD) ports.
Class: Storage Enabled
PARENT to the next 3 policies. Set this policy to Enabled to use the next 3
Subclass Storage polices. Setting this policy to Disabled disables all 3
Subclass Storage policies - no matter what their value.
Subclass Storage:
External Drive
Control
Full Access
CHILD of Class: Storage. Class: Storage must be set to Enabled to use this
policy.
This policy interacts with the EMS Access to unShielded Media policy. If
you intend to have Full Access to media, also set this policy to Full Access
to ensure that the media is not set to read only and the port is not blocked.
Full Access: External drive port does not have read/write data restrictions
applied
Read Only: Allows read capability /write data is disabled
Blocked: Port is blocked from read/write capability
This policy is endpoint-based and cannot be overridden by user policy.
Subclass Storage:
Optical Drive
Control
UDF Only
CHILD of Class: Storage. Class: Storage must be set to Enabled to use this
policy.
Full Access: Optical Drive port does not have read/write data restrictions
applied
UDF Only: Blocks all data writes that are not in the UDF format (CD/DVD
burning, ISO burning). Read data is enabled.
Read Only: Allows read capability. Write data is disabled
Blocked: Port is blocked from read/write capability
This policy is endpoint-based and cannot be overridden by user policy.
Universal Disk Format (UDF) is an implementation of the specification
known as ISO/IEC 13346 and ECMA-167 and is an open vendor-neutral file
system for computer data storage for a broad range of media.
To encrypt data written to CD/DVD media:
Set EMS Encrypt External Media = Selected, EMS Exclude CD/DVD
Encryption = Not Selected, and Storage Class: Optical Drive Control = UDF
Only.
Subclass Storage:
Floppy Drive
Control
Read Only
CHILD of Class: Storage. Class: Storage must be set to Enabled to use this
policy.
Full Access: Floppy Drive port does not have read/write data restrictions
applied
Read Only: Allows read capability. Write data is disabled
Blocked: Port is blocked from read/write capability
This policy is endpoint-based and cannot be overridden by user policy.
Class: Windows
Portable Device
(WPD)
Enabled
PARENT to the next policy. Set this policy to Enabled to use the Subclass
Windows Portable Device (WPD): Storage policy. Setting this policy to
Disabled disables the Subclass Windows Portable Device (WPD): Storage
policy - no matter what its value.
Control access to all Windows Portable Devices.
Subclass Windows
Portable Device
Full Access
CHILD of Class: Windows Portable Device (WPD) . Class: Windows Portable
Device (WPD) must be set to Enabled to use this policy.