cancel
Showing results for 
Search instead for 
Did you mean: 
Corsar
Level 7
Report Inappropriate Content
Message 1 of 3

DLP 10 - How to implement different Device Control Policies for PC and for Laptops

Jump to solution

Hi,

I am using Device Control DLP 10 with different device rules for removeable storage. I block all unwanted storage devices and I allow with different Active Directory groups some users the access to some devices. So I have one group/rule for USB-Sticks and one group/rule for internal DVD-ROM. Now I have the challenge to allow all user which are using Laptops to use USB-Sticks and DVD-ROM. If they are using PCs this combination should not possible. On PC they should use as defined either USB-Stick or DVD-ROM.

My question is, how can I create a different rule for users on Laptops and on PC. Has anyone an idea?

Thanks in advance.

corsar

1 Solution

Accepted Solutions
McAfee Employee hhoang
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: DLP 10 - How to implement different Device Control Policies for PC and for Laptops

Jump to solution

To elaborate on ar4nier's reply - you may also want to consider creating entirely separate policies as opposed to rule sets.  The policies can then be applied by a policy assignment rule with tag criteria and you can create separate rules for desktops and laptops based on system tags.  EPO has a builtin system property for 'IsLaptop' that you can then use to apply a laptop tag.

2 Replies
Highlighted

Re: DLP 10 - How to implement different Device Control Policies for PC and for Laptops

Jump to solution

You would just need to logically separate your Laptops and PC's in the System Tree and apply separate rule sets to each. Will require you to create 2 separate rule sets in the DLP Policy Manager.

Workstations

     Laptops (apply rule set that allows USB/DVD)

     Desktops (apply rule set that blocks/limits access to USB/DVD)

McAfee Employee hhoang
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: DLP 10 - How to implement different Device Control Policies for PC and for Laptops

Jump to solution

To elaborate on ar4nier's reply - you may also want to consider creating entirely separate policies as opposed to rule sets.  The policies can then be applied by a policy assignment rule with tag criteria and you can create separate rules for desktops and laptops based on system tags.  EPO has a builtin system property for 'IsLaptop' that you can then use to apply a laptop tag.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community