HP ProtectTools security software 2011 - Technical white paper
Advanced Settings
Device Administrators Group
When Device Access Manager is installed, a Device Administrators group is created. This group is
used to exclude trusted users from the restrictions imposed by a Device Access Manager policy.
Trusted users usually include system administrators.
Simple Configuration
Simple Configuration enables or denies access to certain major categories of devices to users that are
not part of the Device Administrators group. The Simple Configuration option is a collection of
common options that can be configure with a single selection (Figure 9).
Figure 9. Device Access Manager for HP ProtectTools Administrative Console
Device Class Configuration
The Device Class Configuration option is where the true power of Device Access Manager lies. Using
Device Class Configuration, policies can easily be created to implement complex security
requirements as well as complex business processes. Using Device Class Configuration, IT Managers
can create device and peripheral usage profiles based on the individual user, user type, individual
device or device class. Device Access Manager for HP ProtectTools allows all devices for all users by
default. This ensures a normal experience for users who don’t require device control. If device control
is needed, Device Access Manager creates a black list of devices for individual users, or a class of
users. Through Device Class Configuration, Device Access Manager presents a device tree view
derived from the Windows Device Manager. Individual devices or an entire class of devices from the
device tree can be selected. Access to the selected device can then be restricted by applying the
policy to selected users or class of users. This level of configurability enables new client usage models,
as described in the scenarios below: