This folder contains the Removable Devices and Network Locations subfolders. Settings in these subfolders determine whether a user is allowed to save or copy files to removable devices, writable CD or DVD drives, or network locations.
These settings refer to removable devices such as USB flash drives and writable CD or DVD drives. Note that the CFSA automatically detects writable CD or DVD drives and applies the default handling (see below).
This setting instructs the CFSA to handle a fixed drive as if it were a removable drive. For example, some external hard disks declare themselves as being a fixed drive, when in fact they are easily removable. Ordinarily, the CFSA would not apply policy to files being saved to these drives. To close this loophole, you can explicitly identify these drives as removable.
Note: CD and DVD drives are automatically recognized as removable devices. You do not need to manually add these drives to this setting.
These applications are exempted from CFSA control. That is, users are permitted to copy files to removable devices using these applications. For example, you may not need to monitor an in-house system application that always encrypts files when saving.
When you add an application, you must supply its executable or process name, such as Winword.exe.
Note: Trusted applications override any device filters. That is, a user can copy a file directly from a trusted application to a removable device, even if the handling for that device blocks such copy operations.
This setting determines whether a removable device (or a writable CD/DVD drive) is writable or read only. It applies to any unlisted device (that is, not on the Special Device List). The available actions are the same as for Handling for Special Devices (see below)
These are removable devices (or writable CD/DVD drives) that require special handling by the CFSA. You can either identify the devices you want the CFSA to control or the ones you want it to ignore.
Device names are shown in the Windows Device Manager applet. You can also see them in Windows Explorer; when you view the properties of a removable drive, the device name is listed in the Hardware tab of the Properties dialog. If required, you can use ? and * wildcards.
This setting determines whether removable devices in the Special Device List are writable or read only. The available actions are:
If the user attempts to copy a file to a listed device using a policy-enabled application, policy is applied to the file using Data In Motion triggers.
Note: If the user is using a trusted application, copy operations are always permitted. If they are using any other application, the copy operation is blocked; that is, the device is set to read only.
The user is allowed to copy files to listed devices. Policy is not applied.
The user is not allowed to copy files to listed devices (unless they are using a trusted application). Policy is not applied.
These settings determine whether a user is allowed to save or copy files to network locations such as shared folders.
This works the same way as the Trusted Applications List setting in the Removable Devices folder. Users can save files to any network location if they are using a trusted application.
This setting determines whether a network location is writable or read only. It applies to any unlisted location (that is, not on the Special Locations List). The available actions are the same as for Handling for Special Locations (see below)
These are the network locations that require specific handling by the CFSA. You can either identify the devices you want the CFSA to control or the ones you want it to ignore.
When you specify a network location, you must supply the UNC path, for example:
\\UX-FILESVR-01\New Project\Reports
This setting determines whether network locations in the Special Locations List are writable or read only. The available actions are:
If the user attempts to copy a file to a special location using a policy-enabled application, policy is applied to the file using Data In Motion triggers.
Note: If the user is using a trusted application, copy operations are always permitted. If they are using any other application, the copy operation is blocked; that is, the location is set to read only.
The user is allowed to copy files to special locations. Policy is not applied.
The user is not allowed to copy files to special network locations (unless they are using a trusted application).
|
Copyright © 2012 CA.
All rights reserved.
|
|