Reference Guide
Security Management Server v10.2.11 AdminHelp
Month
Infinite
Suppress
Not Selected
When Selected, an automatic reboot is suppressed indefinitely.
Port Control
System
Disabled
Enable or Disable all Port Control System policies. If this
policy is set to Disable, no Port Control System policies are
applied, regardless of other Port Control System policies.
All PCS policies require a reboot before the policy takes
effect.
Port: Express
Card Slot
Enabled
Enable, Disable, or Bypass ports exposed through the Express
Card Slot.
Port: USB Enabled
Enable, Disable, or Bypass port access to external USB ports.
Note: USB port-level blocking and HID class-
level blocking is
only honored if we can identify the computer chassis as a
laptop/notebook form-factor. We rely on the computer's BIOS
for the identification of the chassis.
Port: eSATA
Enabled
Enable, Disable, or Bypass port access to external SATA ports.
Port: PCMCIA
Enabled
Enable, Disable, or Bypass port access to PCMCIA ports.
Port: Firewire
(1394)
Enabled
Enable, Disable, or Bypass port access to external Firewire
(1394) ports.
Port: SD
Enabled
Enable, Disable, or Bypass port access to SD card ports.
Port: Memory
Transfer
Device (MTD)
Enabled
Enable, Disable, or Bypass access to Memory Transfer Device
(MTD) ports.
Class: Storage
Enabled
PARENT to the next 3 policies. Set this policy to Enabled to
use the next 3 Subclass Storage polices. Setting this policy
to Disabled disables all 3 Subclass Storage policies - no
matter what their value.
Subclass
Storage:
External Drive
Control
Full Access
CHILD of Class: Storage. Class: Storage must be set to Enabled
to use this policy.
This policy interacts with the
EMS Access to unShielded Media
policy. If you intend to have Full Access to media, also set
this policy to Full Access to ensure that the media is not set
to read only and the port is not blocked.
Full Access: External drive port does not have read/write data
restrictions applied
Read Only: Allows read capability /write data is disabled
Blocked: Port is blocked from read/write capability
This policy is endpoint-
based and cannot be overridden by user
policy.
Subclass
Storage:
Optical Drive
Control
UDF Only
CHILD of Class: Storage. Class: Storage must be set to Enabled
to use this policy.
Full Access: Optical Drive port does not have read/write data
restrictions applied
UDF Only: Blocks all data writes that are not in the UDF
format (CD/DVD burning, ISO burning). Read data is enabled.
Read Only: Allows read capability. Write data is disabled
Blocked: Port is blocked from read/write capability
This policy is endpoint-
based and cannot be overridden by user
policy.
Universal Disk Format (UDF) is an implementation of the
specification known as ISO/IEC 13346 and ECMA-167 and is an
open vendor-
neutral file system for computer data storage for
a broad range of media.
To encrypt data written to CD/DVD media:
Set EMS Encrypt External Media = Selected, EMS Exclude CD/DVD
Encryption = Not Selected, and Storage Class: Optical Drive
Control = UDF Only.
Subclass
Storage:
Floppy Drive
Control
Read Only
CHILD of Class: Storage. Class: Storage must be set to Enabled
to use this policy.
Full Access: Floppy Drive port does not have read/write data
restrictions applied
159