Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1095 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

device control

mightyusb

I have Block every USB storage devices  and modem devises via sophos device control. But for the laptops, when i remove the laptop from the network, still sophos blocks the USB storage devises and Modems.
What can i do for overcome this problem.. if there a way to push policis for 2 profiles

:1887


This thread was automatically locked due to age.
  • 0

    Can you clarify your setup?

    Am I right in either of the below assumptions on your query, I couldn't quite grasp what you were trying to do, therefore one may fit more than the other, or I may be completely wrong but in any case:

    Q1: You have configured your policy to block all USB storage devices and modems via device control but want it to only be active when the laptop is connected to the corporate network?

    A1: As far as I am aware, location awareness is only possible for the Client Firewall and not for device control. I suppose the only way I can think of doing this is to use something like Sophos SafeGuard (but it won't be automatic) and have two domain users (one for when you are "on the network" and one used when you are not).

    - Create a new group in either the SGN Management Console or in AD and link seperate Configuration Protection Policies to each, educate your users that they need to use a different account when they are on the road.

    Q2: You mentioned "but for the laptops ..." are you looking at appying different policy settings for laptops than desktops?

    A2: I suppose you could break you AD OU's down into two different containers, one called Laptops and one called desktops; apply a desktop policy to the desktop OU and a laptop policy to the laptop OU.

    :1908
  • 0

    If your laptops connect to your network via cable then for network devices block bridged does what you want.

    Obviously you don't give your users administrative rights (otherwise they could simply disable device control). Now it is possible to change the policy (without resorting to serious hacking) but quite a number of conditions must be met. And as you also mentioned modems connection to your LAN needs to be via cable.

    Details available on request

    Christian

    :1929
Unfiltered HTML