How to set varied access permissions for generic removable devices and encrypted volumes for the same user account
DESCRIPTIONThis article provides an example on how to configure read-only access to specific file types on every USB flash drive, and full access to specific file types in an encrypted volume located on a specific USB flash drive for the same user.
TASKAllow a user read-only access to e.g. MS Word documents on any USB flash drive + full access to MS Word files in e.g. TrueCrypt volume that is stored on a specific USB flash drive.
HOW-TO1. Enable TrueCrypt integration in ‘Service Options’-> ‘Encryption’;
2. Configure Removable permissions as below:
System: Full Access
3. Configure USB Port permissions as below:
System: Full access
3. Add encrypted flash drive to USB Devices White List for the user with "Control as type" flag checked;
4. Create the following Content-Aware rule for the user:
Applies to - Permissions
Device Type(s) - Removable
Actions- Generic: ALLOW READ,
Encrypted: ALLOW READ, ALLOW WRITE
*Normally, the user would need at least read-only access on ‘Generic’ Removable level to access file-hosted container, but since content-aware rules are configured to grant the user read-only access to some file type(s) on generic level, the encrypted volume will be accessible.
**This configuration is applicable for allowing full access to specific file types on certain Generic removable flash drives as well.