deviceTRUST Property Filters
deviceTRUST allows granular control of the properties which are collected either on the remote device or on the local machine. Each set of related properties is grouped together into a single filter policy in one of the following policy folders:
-
COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES\DEVICE FILTERfor remote device. -
COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES\HOST FILTERfor local machine.
All DEVICE properties are enabled by default only if they are used within a context or action within the deviceTRUST policy, resulting in them being read, communicated (for remote devices), made available on the host as environment variables or registry keys, and audited to the Windows Event Log.
As with the DEVICE properties, most HOST properties are also enabled only if they are used within a context or action within the deviceTRUST Policy. However, the following HOST properties are always enabled:
- CUSTOM
- DEVICETRUST
- REMOTECONTROL
By enabling or disabling the filter policy, or by selectively enabling or disabling individual properties, the availability of each property can be limited as shown in the following table.
| Read from Local or Remote Device | Communicated Remotely | Available on Host | |
|---|---|---|---|
| Enabled by default policy | Yes | Yes | Yes |
| Used within context or actions | Yes | Yes | Yes |
| Not used within context or actions | No | No | No |
| Selectively disabled | Yes | No | No |
| Policy disabled | No | No | No |
The PERSISTENCE setting within the DEVICETRUST CONSOLE allows control of which properties are written to the Windows Event Log, the Windows Registry, available within the Command Prompt and as Environment Variables.