Using Administrative Utility

Administrative Utility

The administrative utility allows configuring policy actions (note that you need sufficient administrative rights to do it). It can be found in the Start -> USB for Remote Desktop menu.

Session Tree

Administrative Utility

The main program window displays a list of active user sessions. Each session contains a list of USB devices available for connecting by the user (the same list that is displayed in tray context menu in the user session). Each device contains a list of policies (if any) applied to the device.

Sessions

For each session it's possible to refresh Policy Storage (it makes sense if the user is a domain user and the Domain Storage is used, and you want to apply new policy actions from the Domain Storage immediately).

refresh Policy Storage

In case of refreshing, the Policy Storage will be refreshed for every user of the same domain.

Devices

It's possible to disconnect a selected device (if the device is currently connected).

disconnect a selected device

In case of a disconnect, the logged user is still able to connect the device via tray context menu.

Also, it's possible to add/modify policy for the selected device. When "Add Policy" is selected, it creates a new device group for that device (if it doesn't exist), adds Allow policy for that device and opens Device Access Policies Dialog (so that the Administrator does not need to enter device properties manually).

Policies

In order to modify the selected policy, open Device Access Policies Dialog (double-click on the policy or use context menu).

Policy Editor

There are several ways to access the Device Access Policies dialog:

  • In program menu click Program, then Show Policies.
  • In main window, select USB device. Then in program menu click Edit -> Add Policy for Device...
  • In main window, select USB device. Then use right-click context menu Add Policy....
Select Policy Storage

First of all, choose the proper Policy Storage (Local Policy or Domain Policy).

In case Use only local storage setting is active, domain policy is not used by the program, so the dialog is not displayed and the Local Policy Storage is used.

Domain-Policy Connection

Domain
Full DNS name of the domain. NetBIOS names are not supported. In the most cases, the list of domains is detected automatically, so you can select the proper domain name from the drop-down list.
User name
Name of the user to access the Active Directory database. If empty, the current username will be used. The following formats are supported: "User Principal Name" (User@Domain) and "Down-Level Logon Name" (Domain\User). In case the domain part is not specified, Domain field is used as the domain name.
Password
Password for the user.
DC name
DNS name of server DC "server:port" or "server". If not specified, the proper DC server is selected automatically.

If the selected storage does not exist, you'll be prompted to create it.

Create Local Storage

Predefined device groups with predefined policies (Allow for Everyone) are created automatically in the newly created storage.

Device Access Policies Dialog

Pre-defined device groups with pre-defined policies

The dialog consists of 2 columns. The left column contains the list of USB devices and USB device groups. You can define new device groups, modify and remove existing ones. The right column contains the list of Access Policies for the selected USB device group. You can add new policies or modify and remove existing ones.

Defining Device Groups

In order to add a new device or device group you need to specify it using the following parameters:

VID
Vendor ID.
PID
Product ID.
Serial
Device serial number.
Class
Device class.
Subclass
Device subclass.
Protocol
Device protocol.

These parameters are not mandatory, so it's OK to specify just several of them leaving others by default.

Also you need to specify a unique name for the device group.

Edit Device Group

Creating several groups with the same values of the parameters is not allowed.

Creating Account Policies

Each Device Group may contain several Account Policies (each Account Policy describes the action for a specified user or user group). To add a new policy, specify the user account and select the policy action.

User accounts format:

Account Local account
Account@Domain Domain account
Account\Domain Well known group
SID Cannot get account name

For specifying the account name, the standard Windows dialog is used:

Specify the Account Name

Testing Effective Policy

Sometimes, especially in complex configurations, it's useful to have a tool allowing you to check access policy for a specified USB device for a specified user.

Testing Effective Policy

Just select the proper USB device group in the drop-down list and specify the user account and it will show the effective Policy Action.