Submit a ticketCall us

WebinarUpcoming Webinar: Should I Move My Database to the Cloud?

So you’ve been running an on-premises SQL Server® for a while now. Maybe you’ve moved it from bare metal to a VM, and have seen some positive benefits. But, do you want to see more? If you said “YES!”, then this session is for you, as James Serra will review the many benefits that can be gained by moving your on-prem SQL Server to an Azure® VM (IaaS). He’ll also talk about the many hybrid approaches, so you can gradually move to the cloud. If you are interested in cost savings, additional features, ease of use, quick scaling, improved reliability, and ending the days of upgrading hardware, this is the session for you.

Register now.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Configure USB Defender to allow or disallow specific user account

Configure USB Defender to allow or disallow specific user account

Table of contents
Created by Christine Magbuo, last modified by Bob Goh on Jun 28, 2016

Views: 1,002 Votes: 0 Revisions: 6

Updated June 15, 2016

Overview

This article provides steps on how to configure USB Defender to allow or disallow a specific account. By default, the Detach Unauthorized USB Device rule detaches any USB devices that are not specified in the Allowed USB Devices User Defined Group. 

Environment

  • All LEM versions
  • USB Defender

Steps

  1. In LEM console, Go to Build Tab > Rules.
  2. Edit or Clone your default 'Detach Unauthorized USB Device' rule.
  3. Add an additional condition in the Correlations section that looks like:
    SystemStatus.SourceAccount = YOUR_ACTUAL_SOURCEACCOUNT (EQUAL sign to include) 
    or
    SystemStatus.SourceAccount != YOUR_ACTUAL_SOURCEACCOUNT (NOT EQUAL sign to exclude)

 

Note: YOUR_ACTUAL_SOURCEACCOUNT can be verifed when you go to Monitor Tab > Choose any specific events (Ex. User Logon) > Select any events > Look under Event Details Box > SourceAccount. Your rule will be based on the SourceAccount you see there.

 

Last modified

Tags

Classifications

Public