Advanced Permissions for Storage Devices
Advanced permissions apply when you grant limited permissions to storage devices. The permission can be any of the following:
Modify
Read and execute
Read
List device content only
You can keep the permissions limited but grant advanced permissions to certain programs on the storage devices and on the local computer.
To define programs, configure the following program lists.
Program List |
Description |
Valid Inputs |
---|---|---|
Programs with read and write access to devices |
This list contains local programs and programs on storage devices that have read and write access to the devices. An example of a local program is Microsoft Word (winword.exe), which is usually found in C:\Program Files\Microsoft Office\Office. If the permission for USB storage devices is "List device content only" but "C:\Program Files\Microsoft Office\Office\winword.exe" is included in this list:
|
Program path and name For details, see Specifying a Program Path and Name. |
Programs on devices that are allowed to execute |
This list contains programs on storage devices that users or the system can execute. For example, if you want to allow users to install software from a CD, add the installation program path and name, such as "E:\Installer\Setup.exe", to this list. |
Program path and name or Digital Signature Provider For details, see Specifying a Program Path and Name or Specifying a Digital Signature Provider. |
There are instances when you need to add a program to both lists. Consider the data lock feature in a USB storage device, which, if enabled, prompts users for a valid user name and password before the device can be unlocked. The data lock feature uses a program on the device called "Password.exe", which must be allowed to execute so that users can unlock the device successfully. "Password.exe" must also have read and write access to the device so that users can change the user name or password.
Each program list on the user interface can contain up to 200 programs.