Using USB Device Control

Rationale

USB devices such as pen drives, wireless controllers, or printers can be used to steal data, execute unauthorized software, or introduce malware. Disabling or restricting as many USB device classes as possible significantly improves system security.

Instructions

To enable and configure USB access control:

1. In IGEL Setup, go to Devices > USB Access Control.

2. Activate Enable.

Activating USB Access Control and setting the Default rule to Deny will block all USB devices locally and in sessions. This may also disable devices required by users.

→ Enable USB Access Control only if your security policy requires it. In that case, set Default rule to Deny and configure Allow rules for the necessary USB devices or classes.

Recommendation: Configure USB Access Control as the final step of your device setup. Before activating it, verify that all configurations for printers, unified communications, USB redirection, and device mappings function as intended.

Note:

• USB Access Control is completely separate from USB Redirection used in remote sessions. For guidance, see When to Use USB Redirection.

• This feature does not physically disable a USB port, i.e power delivery will still function.

3. Set Default rule to Deny.

In combination with the preconfigured rule allowing Human Interface Devices (HID), only essential peripherals such as the mouse and keyboard will remain functional.

4. Configure additional rules as needed.
   For details, see USB Access Control in IGEL OS 12.

5. Click Save.

6. Reboot the device.

The IGEL Advanced Device Redirection USB app (additional license required) also includes controls for USB devices.
Learn more: IGEL Advanced Device Redirection USB