4 Replies Latest reply on Sep 12, 2014 5:07 AM by ninjaneer68

    Mass storage Devices Rules




      i hve created 02 groups of users in my domain; a) Restricted Users, Mass  storage is blocked for this user group, b) previllaged Users that can use mass  storage.


      now what i need to configure is that ;


      ( i )          Restricted users can never use mass storage

      (ii )          Previllaged users can use only  mass storage devices that are  registered with DLP (with Serial Numbers).

      ( iii )        To monitor the data being transfered from Mass storage devices  to computers or from computers to mass storage devices by previllaged users.


      any help in this regards will be appriciated.....




      best regards

        • 1. Re: Mass storage Devices Rules



          You can use the following configuration :-


          1) For privileged users:-

                    Create Removable storage Device rule

                         Include all Removable storage Devices

                         Exclude the ones that you want to allow.

                    Create a Removable storage protection rule

                         Monitor action     (This will monitor all files being copied to all removable storage devices)

          2) For restricted users :-

                    Create a Removable Storage Device Rule

                             Include all Removable Storage Devices




          Hope I could help.



          • 2. Re: Mass storage Devices Rules

            thnx Jayant Lakhotia

            • 3. Re: Mass storage Devices Rules

              I know this is an old question but here is another way to get this to work


              Create 2 User Assignment Groups (UAG)

              UAG1 (this needs to be all in one UAG) Unclude all Domain Users, Exlude Allowed USB Users

              UAG2 Include Allowed USB Users


              Create Device Definitions

              DD1 - All USB Devices

              DD2 - Allowed USB Devices


              Create 2 Rules


              Rule 1 - Include DD1, BLOCK, Add UAG1

              Rule 2 - Iinclude DD1, Exlude DD3, BLOCK, Add UAG2


              This will block all USB devices to everyone and exclud the allowed users

              The 2nd Rule is to monitor the allowed users, it will only allow the USBs with serial numbers and block all other USB's from them.


              Hope this helps

              • 4. Re: Mass storage Devices Rules

                does the Removable storage protection rule only work in Full DLP ? Does it work on DCM license ?