Copyright © 1E 2022 All Rights Reserved
OS Supported - Microsoft Windows 11, 10
Description
This integrated product pack contains policies and instructions that enable an organization to get the details of USB configuration status (returns Enabled or Disabled) and allows administrators to enable/disable the use of a removable USB storage device on a timed basis.
Key Features:
- Group connected USB peripheral devices. Returns details of installed USB devices. Windows only.
- Enable the use of removable USB storage devices for specified minutes. Instruction intended to be run as part of IPP.
- Enable or disable the use of removable USB storage devices.
- Disable the use of removable USB storage devices if the enabled time has expired.
- Returns Enabled or Disabled as USB status. Windows only.
Setup:
- This Product Pack contains both Rules and instructions.
- Upload this Product pack either with the help of Tachyon Product Pack Deployment Tool.
- A Guaranteed State Policy named Timed disable usage of USB Removable Devices will be created.
- A Guaranteed State Rule named Disable USB Removable Devices will be created.
- An Instruction Set named USB containing all the instructions will be created.
Usage:
- Review the Disable USB Removable Devices rule that will be used to disable the USB Removable Devices if the enabled time has expired.
- Precondition determines if the device is running Windows OS.
- Set Trigger as per your requirement. Validate the check has below instruction to determine if the enabled time has expired and will eject the USB storage devices
- The Fix is optional and would disable the USB storage device if enabled time has expired.
- Enable this rule and assign the Timed disable usage of USB Removable Devices Policy to a management group.
- Deploy this Policy and wait sometime for the policy to be applied to the targeted devices.
- Reports will start generating a few days after policy is deployed and can be viewed in Endpoint Automation application portal. Below is the device state definition information as per their state.
- Compliant state represents devices that have disabled the USB storage device.
- Not applicable are non-windows devices and do not apply the restriction.
- Unknown are devices yet to report their state.
Instruction Set:
Group Windows machines by USB status
This instruction will return the USB status of Windows machines, indicating whether USB is enabled or disabled. (Windows only)
Group connected USB peripheral devices
This instruction will provide details of the installed USB devices that are currently connected to the system. (Windows only)
Use of USB storage devices to <Enable> state
This instruction allows you to enable or disable the use of removable USB storage devices. (Windows only)
Enable use of USB storage device for %Minutes%.
This instruction enables the use of removable USB storage devices for a specified duration in minutes. It is intended to be run as part of an IPP (Instruction Processing Policy) workflow.
Disable use of USB storage devices if enabled time has expired.
This instruction disables the use of USB storage devices if the enabled time period has expired. It also ejects the USB device to ensure it is disconnected from the machine.
Components
1E-Exchange-Get-USBDeviceHistory
Description
Get USB storage deviceHistory
Readable Payload
Get USB storage devices history from storage %StorageName%
1E-Explorer-USBManagement-CheckStatus
Description
Returns Enabled or Disabled as USB status. Windows only.
Readable Payload
Group Windows machines by USB status
What's New
31/07/2023: Implemented a rule to monitor and log USB storage device usage on an endpoint.