65869: DeviceLock DLP: How to set varied access permissions for generic removable devices and encrypted volumes for the same user account

Applies to: 

Last update: Tue, 2020-11-17 13:14

Description

This article provides an example of how to configure read-only access to specific file types on every USB flash drive, and full access to specific file types in an encrypted volume located on a specific USB flash drive, for the same user.

The same configuration can also be used to allow full access to specific file types on certain Generic removable flash drives.

Task

Allow a user read-only access to specific files (e.g. MS Word documents) on any USB flash drive, plus full access to MS Word files in an encrypted volume (e.g. a TrueCrypt volume) that is stored on a specific USB flash drive.

How-to

  1. Enable TrueCrypt integration in Service Options -> Encryption.
  2. Configure permissions on Removable: System - Full Control.
  3. Configure USB Port permissions: System - Full Control.
  4. Add the encrypted flash drive to the USB Devices White List for a user/group, with the "Control as Type" flag checked.
  5. Create the following Content-Aware rule for the user:
     • Applies to: Permissions
     • Device Type(s): Removable
     • Actions: Generic: Allow Read; Encrypted: Allow Read, Allow Write.

Normally, the user would need at least read-only access at the ‘Generic’ Removable level to access a file-hosted container, but since the Content-Aware rules are configured to grant the user read-only access to some file type(s) at the Generic level, the encrypted volume will be accessible.