Skip to main content

Why are mobile devices not blocked by removable media policy? - Kennisbank / ESET Endpoint Encryption - ESET Tech Center

Why are mobile devices not blocked by removable media policy?

Authors list

Problem

Even though you have set your removable media policy to block removable media, connecting a mobile phone, media player or similar device allows you to access its contents.

 

Cause

Devices that are presented through the WPD (Windows Portable Device) interface are not classed as removable media by the operating system and so the filtering of DESlock+ does not apply to them.

 

Solution

A possible solution to stop staff using the media that is presented by WPD is to disable the service responsible on the Workstations as detailed below:

  • Press Windows Key+R.
  • In the Run box enter services.msc then click the OK button.
  • In the list of services, locate the entry named Portable Device Enumerator Service.
  • Right click the entry then click Properties from the context menu.
  • If the service status is started, click the Stop button.
  • Change the Startup type to be disabled.
  • Click the OK button to apply the change.

 

Alternatively it is also possible to set access policy for this style of device via the Group Policy editor. In order to do this: 

  • Press Windows Key+R.
  • In the run box enter mmc gpedit.msc then click the OK button to open the Group Policy Editor.
  • In the navigation pane, the Local Computer Policy is divided into Computer Configuration and User Configuration. Settings are identical in both configurations.
  • Select Computer Configuration or User Configuration based on the who you want to apply the policy to. Computer is for all users, User is the current logged on user.
  • Expand Administrative Templates → System → Removable Storage Access.
  • Double-click the policy setting for WPD, (Windows Portable Devices) that corresponds to the kind of restriction you want enforced (for example, double-click WPD Devices: Deny read access if you want to deny read access to your device). Select the corresponding radio button to Enable or Disable a policy setting.
  • Click OK to save the change.
  • Repeat the previous steps for WPD Devices: Deny write access as required.

 

External Links

Windows Portable Devices: https://msdn.microsoft.com/en-us/library/windows/desktop/dd388998(v=vs.85).aspx

The Apple iPhone is detected as a portable device in Windows Vista/7/2008: http://support.eset.com/kb3046/

 

Keywords: HTC, portable, media, player, samsung, phone, cell, music, phone

Add a comment

Please log in or register to submit a comment.

Need a password reminder?