Endpoint Protection

Hi All,

The client I support wishes to enforce the use of only encrypted USB mass storage devices. I have created the relevant device control policy which works fine and this is currently going through UAT testing.

There have been several encrypted devices approved for use by the client and I have successfully added these as expections to the policy, but the issue I have is that I cannot simply roll this policy out to the live environment (circa 17,000 users) as I don't want to block access to other encrypted devices which are in use but unkown to me. As a result I was hoping to roll the device control policy out in 'log only' mode to collate a list of devices IDs for units currently in use but it would appear that you can only do this with application control policies; application control policy logs unfortunately don't report device IDs.

So, is there some way to utilise SEP11 logging to collate a list of USB mass storage device IDs?

Thanks,

Pete

As far as I am aware there is not a way to log device ID's like this.

The only way I know of us to use the tool in the unsupported folder to get the ID of whatever is currently connected to the machine.

Thanks John, could we keep this open in case someone else might have a suggestion please?

Sure Pete_ACC.

FYI, as far as I'm aware these threads never get closed/locked. They may fall back a few pages but it'll always be here :D

Well in that case I'll give it a bump ;) Thanks.

I wish this was possible to collect the IDs but I've never found it if it is.

Now when one of our users can't use their USB device, local IT will send me a note and I will add the Device ID and everyone is happy again. Not sure of any other way to do it.

A third party software such as DeviceLock can do it.

Actually Brian, the Devicelock PnP Auditor Utility might just do the trick! Thanks for that.

Pete