Description
This article provides an example on how to configure read-only access to specific file types on every USB flash drive, and full access to specific file types in an encrypted volume located on a specific USB flash drive for the same user.
This configuration is applicable for allowing full access to specific file types on certain Generic removable flash drives as well.
Task
Allow a user read-only access to e.g. MS Word documents on any USB flash drive + full access to MS Word files in e.g. TrueCrypt volume that is stored on a specific USB flash drive.
How-to
- Enable TrueCrypt integration in the Service Options-> Encryption
- Configure permissions on Removable: System - Full Control
- Configure USB Port permissions: System - Full Control
- Add encrypted flash drive into USB Devices White List for a user/group with Control as Type flag checked
- Create the following Content-Aware rule for the user:
- Applies to: Permissions
- Device Type(s): Removable
- Actions: Generic: Allow Read, Encrypted: Allow read, Allow Write.
Normally, the user would need at least read-only access on ‘Generic’ Removable level to access file-hosted container, but since content-aware rules are configured to grant the user read-only access to some file type(s) on generic level, the encrypted volume will be accessible.