Rationale

USB devices such as pen drives, wireless controllers, or printers can be used to steal data or to execute unauthorized software or even malware. Deactivating as many USB device classes as possible increases security.

Instructions

To enable and configure USB access control:

  1. In IGEL Setup, go to Devices > USB Access Control.
  2. Check Enable.

    The activation of USB Access Control and setting the Default rule to Deny will block the use of USB devices locally and in the session and, thus, might disable devices needed for the users. Therefore, activate the USB access control only if your security policy requires that. In this case, set Default rule to Deny and configure Allow rules for the required USB devices and USB device classes. 

    It is recommended to make settings for USB Access Control as the last step in the device configuration. Before activating the USB access control, check that all your other settings for printers, Unified Communication, USB redirections, mapping settings for USB devices are working as expected.

    Note that the USB access control is completely separate than USB redirection for remote sessions, see When to Use USB Redirection.

    Take also notice that the feature does not disable a USB port physically, i.e. power delivery will still work.

  3. Set Default rule to Deny.
    In combination with the preconfigured rule that allows Human Interface Devices (HID), no USB devices apart from e.g. mouse and keyboard are allowed.
  4. Configure further rules as needed. For instructions, see How to Configure USB Access Control.
  5. Click Apply.
  6. Reboot the device.