Reference Guide

Manage Policies
258
EMS Device Whitelist
String - Maximum of 150 devices with a maximum of 500 characters per
PNPDeviceID. Maximum of 2048 total characters allowed. "Space" and
"Enter" characters count in the total characters used.
This policy allows the specification of removable media devices to
exclude from encryption [using the device's Plug and Play device
identifier (PNPDeviceID)], thereby allowing users full access to the
specified removable media devices.
More...
This policy is available on an Enterprise, Domain, Group, and User
level. Local settings override inherited settings. If a user is in
more than one group, all EMS Device Whitelist entries, across all
Groups, apply.
This policy is particularly useful when using removable media devices
which provide hardware encryption. However, this policy should be used
with caution. This policy does not check whether external media
devices on this list provide hardware encryption. Whitelisted
removable storage devices that do not have hardware encryption have
no enforced security and are not protected.
For example, the Kingston® DataTraveler® Vault Privacy model enforces
that encryption is enabled to use the device. However, the Kingston
DataTraveler Vault model has an unsecured partition and a secured
partition. Because it is the same physical removable media device with
only one PNPDeviceID, the two partitions cannot be distinguished,
meaning that whitelisting this particular device would allow
unencrypted data to leave the endpoint.
Additionally, if a removable media device is encrypted and is
subsequently added to the EMS Device Whitelist policy, it remains
encrypted and requires a reformat of the device to remove encryption.
The following is an example of a PNPDeviceID, which contains the
manufacturer identifier, product identifier, revision, and hardware
serial number:
To whitelist a removable media device, provide a string value that
matches portions of the device’s PNPDeviceID. Multiple device
PNPDeviceIDs are allowed.
For example, to whitelist all Kingston DataTraveler Vault Privacy
models, input the string:
To whitelist both models of Kingston DataTraveler, the Vault and Vault
Privacy models, input the string:
Space characters are considered part of the substring to match to a
PNPDeviceID. Using the previous PNPDeviceID as an example, a space
before and after the semicolon would cause neither of the substrings
to be matched, because the space character is not part of the
PNPDeviceID.
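As an added example (not Dell's code and not the product's actual matcher), the following Python models the whitelist behaviour this page describes: entries are assumed to be separated by ";" (as the space-before-and-after-the-semicolon remark implies), matching is assumed to be plain case-sensitive substring matching, and the sample PNPDeviceIDs are constructed in the Windows USBSTOR layout.

```python
# Added example modelling the EMS Device Whitelist policy string as the
# page describes it. Assumptions (not confirmed by the page): ';' separates
# entries, matching is case-sensitive substring matching, and the real
# product's matcher may behave differently.

MAX_DEVICES = 150          # maximum number of whitelist entries
MAX_CHARS_PER_ENTRY = 500  # maximum characters per PNPDeviceID substring
MAX_TOTAL_CHARS = 2048     # total characters, spaces and newlines included

# Constructed sample PNPDeviceIDs (vendor, product, revision, serial);
# the values are illustrative only and belong to no real device.
SAMPLE_IDS = [
    r"USBSTOR\DISK&VEN_KINGSTON&PROD_DTVAULTPRIVACY&REV_1.00\0000188C36725BC8&0",
    r"USBSTOR\DISK&VEN_KINGSTON&PROD_DTVAULT&REV_1.00\00000A1B2C3D4E5F&0",
    r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER&REV_1.26\200512345678ABCD&0",
]


def validate_whitelist(policy: str) -> list:
    """Return the problems found in a policy string (empty list = OK).
    Whitespace is deliberately NOT stripped: the page says spaces count
    toward the limits and are part of the substring that must match."""
    problems = []
    if len(policy) > MAX_TOTAL_CHARS:
        problems.append(f"total length {len(policy)} > {MAX_TOTAL_CHARS}")
    entries = policy.split(";")
    if len(entries) > MAX_DEVICES:
        problems.append(f"{len(entries)} entries > {MAX_DEVICES}")
    for e in entries:
        if len(e) > MAX_CHARS_PER_ENTRY:
            problems.append(f"entry longer than {MAX_CHARS_PER_ENTRY}: {e[:20]}...")
        if e != e.strip():
            problems.append(f"entry has surrounding whitespace and will not match: {e!r}")
        if e == "":
            problems.append("empty entry (double or trailing ';')")
    return problems


def is_whitelisted(pnp_id: str, policy: str) -> bool:
    """True if any non-empty policy entry is a substring of the PNPDeviceID."""
    return any(e and e in pnp_id for e in policy.split(";"))


def whitelisted_devices(policy: str, ids=SAMPLE_IDS) -> list:
    """Return the sample devices a given policy string would exclude from encryption."""
    return [i for i in ids if is_whitelisted(i, policy)]
```

Note that "DTVAULT" also matches the Vault Privacy device because its product string contains that substring, which is the behaviour the page relies on for whitelisting both models with one entry.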
Instructions...
1. Insert removable media.
2. Open System Profiler.
3. Under Hardware, select the device and find the Product ID and
Vendor ID, as follows:
Capacity: 2.06 GB (2,055,019,008 bytes)
Removable Media: Yes
Detachable Drive: Yes
BSD Name: disk2
Product ID: 0x5406
Vendor ID: 0x0781 (SanDisk Corporation)
Version: 0.10
Serial Number: 0000188C36725BC8
Speed: Up to 480 Mb/sec