Removable storage device rule: device definition AND Excluded users
Within DLP 10 I have configured a Removable Storage Device rule. The Condition applies to all Removable storage devices and is applicable to all users. Under Exceptions I have configured a Device definition to enable a specific type of USB drive to be writable. I have noticed that we are able to define users who are excluded from the device rule. However, it has been requested that the exclusion be applicable to users who are members of a particular group AND have the approved USB media. From what I can see, this can only be set as an OR. Is this correct, or am I able to meet our requirements?
Re: Removable storage device rule: device definition AND Excluded users
Many thanks for coming back and for pointing out the Excluded Serial Number & User pairs exception.
This slightly differs from our original requirements; however, this approach is actually far more secure. From what I understand, this pairs a fully qualified user name with the serial number of a particular device. Our original intention was to pair members of an AD group with the ability to write to a configured device definition. From what I can gather, this is not possible. Am I correct?
If this is the case, I intend to propose SN & User pairs. I assume you are able to pair a SN with multiple users?