We are working on locking down USB storage devices and creating a pool of “approved devices”. Using the Device Control Wizard, you can set the exceptions in there, but once the task is created, I don’t see a way to update that approved devices list, should we need to at a later date, without creating a whole new task. Any ideas?
I don’t know much about this, but it should be possible to write custom content that appends to the list of approved devices only if the specific item it is appending is missing from the list. You could have many of these tasks all running as a policy and make new ones to add to the list.
It looks like, if I copy the formatting inside the action, I can add more devices, but there’s no good way to make the changes get checked for relevancy. I’d essentially have to make a whole new task to append it.
Maybe I’m still going about it the wrong way, but it seems messy.
I personally would take a list of devices and create single tasks for each using the REST API, with the relevance generated to see if that device is there already or not.
I would then bundle them all into a baseline and run them together. Only the ones that are missing would run, and the others would be skipped.