deviceTRUST for Windows and the deviceTRUST Client Extension for IGEL OS 12 and macOS are now available.
×
Search

Policy category: Device Filter

  1. Policy setting: Query to include device ACCESS POINTS
  2. Policy setting: Query to include device CERTIFICATES
  3. Policy setting: Query to include device DISPLAYS
  4. Policy setting: Query to include device LOGICAL DISKS
  5. Policy setting: Query to include device MAPPED DRIVES
  6. Policy setting: Query to include device NETWORKS
  7. Policy setting: Query to include device PRINTERS
  8. Policy setting: Query to include device SECURITY PRODUCTS
  9. Policy setting: Query to exclude device WINDOWS FIREWALL rules
  10. Policy setting: Filter device ACCESS POINT ssid, bssid, speed, quality, etc
  11. Policy setting: Filter device CELLULAR network, country, roaming, model, vendor, etc
  12. Policy setting: Filter device CERTIFICATE store, name, issuer, subject, etc
  13. Policy setting: Filter device DEVICETRUST version number
  14. Policy setting: Filter device DISPLAY capabilities
  15. Policy setting: Filter device DOMAIN, name, dns, id, join
  16. Policy setting: Filter device ELUX hostid, scout name, ip, version, certificate, etc
  17. Policy setting: Filter device HARDWARE vendor, model, cpu, memory, bios, etc
  18. Policy setting: Filter device IGEL structure tag, servers, certificates, etc
  19. Policy setting: Filter device INPUT keyboard, mouse, pen and touch
  20. Policy setting: Filter device IOS passcode, biometrics, jailbroken
  21. Policy setting: Filter device LOCATION position, address, etc
  22. Policy setting: Filter device LOGICAL DISK type, label, file system, free space, vendor, product, etc
  23. Policy setting: Filter device MACOS iCloud, security, etc
  24. Policy setting: Filter device MACOS FIREWALL enabled, stealth mode, inbound rules, etc
  25. Policy setting: Filter device MACOS UPDATE enabled, version, updates, auto install, etc
  26. Policy setting: Filter device MAPPED DRIVE local, remote, user, etc
  27. Policy setting: Filter device NAME, id, dns, sid, etc
  28. Policy setting: Filter device NETWORK ipv4, ipv6, mac, dns, wifi, etc
  29. Policy setting: Filter device OS name, version, etc
  30. Policy setting: Filter device PASSWORD POLICY min and max age, length, history, etc
  31. Policy setting: Filter device POWER ac, battery, scheme
  32. Policy setting: Filter device PRINTER name, share, port, driver, etc
  33. Policy setting: Filter device REGION time zone, language, locale, keyboard, etc
  34. Policy setting: Filter device REMOTE CONTROL active, protocol, remote ip etc
  35. Policy setting: Filter device REMOTING CLIENT runtime, version, outbound network, plugins, etc
  36. Policy setting: Filter device SCREEN SAVER enabled, secure, timeout and filename
  37. Policy setting: Filter device SECURITY PRODUCT antispyware, antivirus, firewall, name, status, etc
  38. Policy setting: Filter device SMARTCARDREADER name
  39. Policy setting: Filter device USER name, domain, local admin, auth, password age, groups, etc
  40. Policy setting: Filter device WHOIS ip, dns, isp and country
  41. Policy setting: Filter device WINDOWS user access control, smartscreen
  42. Policy setting: Filter device WINDOWS DEFENDER status, last scan, versions, etc
  43. Policy setting: Filter device WINDOWS FIREWALL profile settings, rules, etc
  44. Policy setting: Filter device WINDOWS REGISTRY count, path, value and data
  45. Policy setting: Filter device WINDOWS UPDATE status, last install, pending updates, etc

Policy setting: Query to include device ACCESS POINTS

Defines queries which can be used to discover access points on the remote device.

Access points are included within the properties if they match all of the constraints within any of the queries.

The maximum number of access points is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for SSID and BSSID.
  • Number constraints for Strength, Quality and Frequency.
  • Boolean constraint for Secure.

For example:

  • SSID=’*’ - Queries all access points.
  • SSID=’*’, Secure=’true’ - Queries all secure access points.
  • SSID=’MyNetwork-*’, Strength>=’-50’ - Queries all access points with an SSID beginning with ‘MyNetwork-‘ and with an RSSI signal strength greater than or equal to ‘-50’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value does not return any access points.

Policy setting: Query to include device CERTIFICATES

Defines one or more queries which can be used to find private certificates on the remote device.

Certificates are included within the properties if they match all of the constraints within any of the queries.

The maximum number of certificates is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Store, Name, Subject, Issuer, SignatureAlgorithm, SerialNumber, ThumbprintSha256, Template, ExtendedUsage, Policies, RootName and RootThumbprintSha256.
  • Enum constraint for Location with values CurrentUser and LocalMachine.
  • Enum constraint for Version with values V1, V2 and V3.
  • Enum constraint for VerificationError with values None, CannotBeVerified, Revoked, UntrustedRoot, UntrustedTestRoot, Chaining, Expired, Critical and NoRevocationCheck.
  • Enum constraint for Usage with values EncipherOnly, CrlSigning, CertificateSigning, KeyAgreement, DataEncipherment, KeyEncipherment, NonReduiation, DigitalSignature and DecipherOnly.
  • Enum constraint for TpmKeyAttestation with values None, UserCredentials, HardwareCertificate and HardwareKey.
  • Date constraints for NotBefore and NotAfter.

For example:

  • Template=’CompanyCert’, ExtendedUsage=’1.3.6.1.5.5.7.3.2’ - All certificates assigned by a template containing the name ‘CompanyCert’ for use with client authentication.
  • VerificationError=’*’ - All certificates, regardless of their verification errors.
  • VerificationError=’None;Expired’, Issuer=’TrustedAuthority’ - All valid or expired certificates whose issuer contains the text ‘TrustedAuthority’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value is “Store=’My’, Location=’CurrentUser’, VerificationError=’None’”. Store defaults to ‘My’ unless specified. Location defaults to ‘CurrentUser’ unless specified. VerificationError defaults to ‘None’ unless specified.

Policy setting: Query to include device DISPLAYS

Defines queries which can be used to discover displays on the remote device.

Displays are included within the properties if they match all of the constraints within any of the queries.

The maximum number of displays is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraint for MonitorVendor, MonitorProduct, MonitorSerialNumber, AdapterVendor, AdapterProduct.
  • Number constraints for Width, Height and Bpp.
  • Boolean constraints for MonitorExternal.

For example:

  • Width>=’1024’, Height>=’768’ - Queries all displays which have a width greater than or equal to 1024 pixels, and a height greater than or equal to 768.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default query includes all displays.

Policy setting: Query to include device LOGICAL DISKS

Defines one or more queries which can be used to find logical disks on the remote device.

Logical disks are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Enum constraints for Type with values Removable, Fixed, PortableDevice, Cdrom and Ramdisk.
  • Enum constraints for Flags with values PreservedNames, CaseSensitiveSearch, DaxVolume, SupportsCompression, NamedStreams, PersistentAcls, ReadOnly, SequentialWriteOnce, SupportsEncryption, ExtendedAttributes, HardLinks, ObjectIds, OpenByFileId, ReparsePoints, SparseFiles, Transactions, UsnJournal, UnicodeFileNames, IsCompressed, SupportsQuotas.
  • Enum constraints for BusType with values SCSI, ATAPI, ATA, IEEE1394, SSA, FibreChannel, USB, RAID, iSCSI, SAS, SATA, SecureDigital, MultimediaCard, Virtual, FileBackedVirtual, StorageSpaces and NVMe.
  • Text constraints for Label, FileSystem, Drive, Path, Name and SerialNumber.
  • Number constraints for TotalMB, FreeMb, Free, VendorId and ProductId.
  • Boolean constraint for Encrypted, Hidden and System.

For example:

  • Drive=’D:,E:,F:,G:’ - Returns any drive mapped to letters D, E, F or G.
  • Type=’Removable’ - Returns only removable disks.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value returns logical disks represented by a path and all portable devices (e.g. Path!=’’ and Type=’PortableDevice’).

Policy setting: Query to include device MAPPED DRIVES

Defines one or more queries which can be used to find mapped drives on the remote device.

Mapped drives are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Text constraints for Drive, Server, Share, User and Provider.

For example:

  • Drive=’D:’ - Returns any drives mapped to a local D:.
  • User=’DOMAIN*’ - Returns any mapped drives authenticated by a member of the ‘DOMAIN’ domain.
  • Server=’\SERVERNAME’ - Returns any mapped drives using a remote server name of ‘\SERVERNAME’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value returns all mapped drives.

Policy setting: Query to include device NETWORKS

Defines queries which can be used to discover networks on the remote device.

Networks are included within the properties if they match all of the constraints within any of the queries.

The maximum number of networks is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Name, Description, Mac, GatewayMac, WifiSsid, WifiBssid, WifiSecurity and DnsSuffix.
  • Enum constraint for Status with values Up, Down, Testing, Unknown, Dormant, NotPresent and LowerLayerDown.
  • Enum constraint for Type with values Other, Ethernet, PPP, ATM, WiFi, Tunnel, Firewire and Mobile.
  • Enum constraint for Category with values Public, Private and Domain.
  • Boolean constraint for DhcpEnabled and Virtual.
  • Number constraints for Speed and WifiStrength.
  • IpAddress constraints for IPv4, IPv6, IPv4Subnet, IPv6Subnet, Gateway, DNS, WINS and DhcpServer.

For example:

  • DhcpEnabled=’true’, DhcpServer=’192.168.100.1-2’, GatewayMac=’01-02-03-04-05-06-07’ - Matches networks assigned an ip from a DHCP Server of address 192.168.100.1 or 192.168.100.2 configured with a gateway using MAC address 01-02-03-04-05-06-07.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value is “Status=’Up’”. Status defaults to ‘Up’ unless specified.

Policy setting: Query to include device PRINTERS

Defines one or more queries which can be used to find printers on the remote device.

Printers are included within the properties if they match all of the constraints within any of the queries.

The maximum number of printers is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Name, Server, Share, Port, Location, Driver, DriverFile and DriverManufacturer.
  • Boolean constraints for Default, Local, DirectoryPublished and KeepPrintJobs.
  • Enum constraint for Errors with values Paused, Error, PendingDeletion, PaperJam, PaperOut, PaperProblem, Offline, OutputBinFull, NotAvailable, TonerLow, NoToner, CannotPrintPage, UserIntervention, OutOfMemory, DoorOpen, ServerUnknown, ServerOffline and DriverUpdateNeeded.
  • Version constraint for DriverVersion.

For example:

  • Default=’true’ - Returns just the default printer.
  • Share=’\SERVER??*’, Errors=’*’ - Returns printers which have a share matching the wildcard ‘\SERVER??*’ regardless of the error value.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value is “Errors!=’Offline;ServerOffline;NotAvailable’”. Errors defaults to all values except ‘Offline;ServerOffline;NotAvailable’ unless specified.

Policy setting: Query to include device SECURITY PRODUCTS

Defines queries which can be used to discover security products on the remote device.

Security Products are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Text constraint for Name.
  • Enum constraint for Category with values AntiVirus, AntiSpyware and Firewall.
  • Enum constraint for Status with values Active, Out-Of-Date and Inactive.
  • Date constraint for Timestamp.

For example:

  • Status=’Active’, Category=’AntiVirus’ - Queries all AntiVirus security products with a status of Active.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default query includes all security products.

Policy setting: Query to exclude device WINDOWS FIREWALL rules

Defines one or more queries which can be used to exclude inbound and outbound Windows Firewall rules on the remote device.

Firewall rules are excluded from the properties if they match all of the constraints within any of the queries.

Firewall rules must be enabled, allowed and assigned to an active profile to be included within the results.

Available constraints include:

  • Text constraints for Name, Description, Group, Program, Service, Package, PackageName, PackageDescription, PackageFullName and PortName.
  • Enum constraint for Type with values Program, Package, Service, System and Any.
  • Enum constraint for Direction with values Inbound and Outbound.
  • Enum constraints for Protocol with values Any, HOPOPT, ICMPv4, IGMP, TCP, UDP, IPv6 IPv6Route, IPv6Frag, GRE, ICMPv6, IPv6NoNxt, IPv6Opts, VRRP, PGM, L2TP, or any protocol number from http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml.
  • Enum constraints for Profile with values Domain, Private, Public.
  • Number constraint for Port, with additional option to use * to match rules that target any port.

For example:

  • Direction=’Inbound’, Program=’*\MyApp.exe’, Port>=3000, Port<=3002 - Excludes all inbound traffic to MyApp.exe to ports 3000, 3001 and 3002.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value does not filter the Firewall rules.

Policy setting: Filter device ACCESS POINT ssid, bssid, speed, quality, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_ACCESSPOINT_COUNT
  • DEVICE_ACCESSPOINT_X_SSID
  • DEVICE_ACCESSPOINT_X_BSSID
  • DEVICE_ACCESSPOINT_X_STRENGTH
  • DEVICE_ACCESSPOINT_X_QUALITY
  • DEVICE_ACCESSPOINT_X_FREQUENCY
  • DEVICE_ACCESSPOINT_X_SECURE

Policy setting: Filter device CELLULAR network, country, roaming, model, vendor, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_CELLULAR_TYPE
  • DEVICE_CELLULAR_CLASS
  • DEVICE_CELLULAR_ID
  • DEVICE_CELLULAR_ROAMING
  • DEVICE_CELLULAR_COUNTRY
  • DEVICE_CELLULAR_COUNTRY_CODE
  • DEVICE_CELLULAR_NETWORK
  • DEVICE_CELLULAR_NETWORK_CODE
  • DEVICE_CELLULAR_PRODUCT
  • DEVICE_CELLULAR_VENDOR

Policy setting: Filter device CERTIFICATE store, name, issuer, subject, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_CERTIFICATE_COUNT
  • DEVICE_CERTIFICATE_X_STORE
  • DEVICE_CERTIFICATE_X_LOCATION
  • DEVICE_CERTIFICATE_X_VERSION
  • DEVICE_CERTIFICATE_X_NAME
  • DEVICE_CERTIFICATE_X_SUBJECT
  • DEVICE_CERTIFICATE_X_ISSUER
  • DEVICE_CERTIFICATE_X_SIGNATUREALGORITHM
  • DEVICE_CERTIFICATE_X_SERIALNUMBER
  • DEVICE_CERTIFICATE_X_THUMBPRINT_SHA256
  • DEVICE_CERTIFICATE_X_TEMPLATE
  • DEVICE_CERTIFICATE_X_NOTBEFORE
  • DEVICE_CERTIFICATE_X_NOTAFTER
  • DEVICE_CERTIFICATE_X_USAGE
  • DEVICE_CERTIFICATE_X_EXTENDEDUSAGE
  • DEVICE_CERTIFICATE_X_VERIFICATIONERROR
  • DEVICE_CERTIFICATE_X_ROOT_NAME
  • DEVICE_CERTIFICATE_X_ROOT_THUMBPRINT_SHA256
  • DEVICE_CERTIFICATE_X_POLICIES
  • DEVICE_CERTIFICATE_X_TPM_KEY_ATTESTATION

Policy setting: Filter device DEVICETRUST version number

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to always request the property. Available properties:

  • DEVICE_DEVICETRUST_VERSION

Policy setting: Filter device DISPLAY capabilities

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_DISPLAY_COUNT
  • DEVICE_DISPLAY_X_NAME
  • DEVICE_DISPLAY_X_WIDTH
  • DEVICE_DISPLAY_X_HEIGHT
  • DEVICE_DISPLAY_X_BPP
  • DEVICE_DISPLAY_X_DPI
  • DEVICE_DISPLAY_X_MONITOR_VENDOR
  • DEVICE_DISPLAY_X_MONITOR_PRODUCT
  • DEVICE_DISPLAY_X_MONITOR_SERIALNUMBER
  • DEVICE_DISPLAY_X_MONITOR_EXTERNAL
  • DEVICE_DISPLAY_X_ADAPTER_VENDOR
  • DEVICE_DISPLAY_X_ADAPTER_PRODUCT

Policy setting: Filter device DOMAIN, name, dns, id, join

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_DOMAIN_NAME
  • DEVICE_DOMAIN_DNS
  • DEVICE_DOMAIN_ID
  • DEVICE_DOMAIN_JOIN

Policy setting: Filter device ELUX hostid, scout name, ip, version, certificate, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_ELUX_HOSTID
  • DEVICE_ELUX_INFO1
  • DEVICE_ELUX_INFO2
  • DEVICE_ELUX_INFO3
  • DEVICE_ELUX_OU_ID
  • DEVICE_ELUX_SCOUT_NAME
  • DEVICE_ELUX_SCOUT_IP
  • DEVICE_ELUX_SCOUT_VERSION
  • DEVICE_ELUX_SCOUT_CERTIFICATE_SERIALNUMBER
  • DEVICE_ELUX_SCOUT_CERTIFICATE_SUBJECT
  • DEVICE_ELUX_SCOUT_CERTIFICATE_THUMBPRINT_SHA256
  • DEVICE_ELUX_ENVIRONMENT_COUNT
  • DEVICE_ELUX_ENVIRONMENT_X_NAME
  • DEVICE_ELUX_ENVIRONMENT_X_VALUE

Policy setting: Filter device HARDWARE vendor, model, cpu, memory, bios, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_HARDWARE_VENDOR
  • DEVICE_HARDWARE_MODEL
  • DEVICE_HARDWARE_CPU
  • DEVICE_HARDWARE_CPU_SPEED
  • DEVICE_HARDWARE_CPU_COUNT
  • DEVICE_HARDWARE_SYSTEMMEMORY
  • DEVICE_HARDWARE_BIOS_SERIAL
  • DEVICE_HARDWARE_BIOS_VERSION
  • DEVICE_HARDWARE_BIOS_RELEASEDATE
  • DEVICE_HARDWARE_VIRTUALIZATION
  • DEVICE_HARDWARE_SECUREBOOT
  • DEVICE_HARDWARE_ROLE
  • DEVICE_HARDWARE_LID

Policy setting: Filter device IGEL structure tag, servers, certificates, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_IGEL_STRUCTURETAG
  • DEVICE_IGEL_UMS_SERVER
  • DEVICE_IGEL_UMS_CERTIFICATE_SERIALNUMBER
  • DEVICE_IGEL_UMS_CERTIFICATE_SUBJECT
  • DEVICE_IGEL_UMS_CERTIFICATE_THUMBPRINT_SHA256
  • DEVICE_IGEL_ICG_SERVER
  • DEVICE_IGEL_ICG_CERTIFICATE_SERIALNUMBER
  • DEVICE_IGEL_ICG_CERTIFICATE_SUBJECT
  • DEVICE_IGEL_ICG_CERTIFICATE_THUMBPRINT_SHA256
  • DEVICE_IGEL_ENVIRONMENT_COUNT
  • DEVICE_IGEL_ENVIRONMENT_X_NAME
  • DEVICE_IGEL_ENVIRONMENT_X_VALUE
  • DEVICE_IGEL_ENVIRONMENT_X_TYPE

Policy setting: Filter device INPUT keyboard, mouse, pen and touch

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_INPUT_KEYBOARD
  • DEVICE_INPUT_MOUSE
  • DEVICE_INPUT_PEN
  • DEVICE_INPUT_TOUCH

Policy setting: Filter device IOS passcode, biometrics, jailbroken

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_IOS_PASSCODE
  • DEVICE_IOS_BIOMETRICS
  • DEVICE_IOS_JAILBROKEN

Policy setting: Filter device LOCATION position, address, etc

Enables or disabled location properties within the virtual session.

Location properties are subject to the policies within the deviceTRUST\Properties\Location folder.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_LOCATION_ACCURACY
  • DEVICE_LOCATION_URL
  • DEVICE_LOCATION_COUNTRY
  • DEVICE_LOCATION_POSTCODE
  • DEVICE_LOCATION_STATE
  • DEVICE_LOCATION_COUNTY
  • DEVICE_LOCATION_TOWN
  • DEVICE_LOCATION_STREET
  • DEVICE_LOCATION_BUILDING
  • DEVICE_LOCATION_PROVIDER
  • DEVICE_LOCATION_SOURCE
  • DEVICE_LOCATION_POSITION

Policy setting: Filter device LOGICAL DISK type, label, file system, free space, vendor, product, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_LOGICALDISK_COUNT
  • DEVICE_LOGICALDISK_X_TYPE
  • DEVICE_LOGICALDISK_X_LABEL
  • DEVICE_LOGICALDISK_X_FLAGS
  • DEVICE_LOGICALDISK_X_HIDDEN
  • DEVICE_LOGICALDISK_X_FILESYSTEM
  • DEVICE_LOGICALDISK_X_DRIVE
  • DEVICE_LOGICALDISK_X_PATH
  • DEVICE_LOGICALDISK_X_TOTALMB
  • DEVICE_LOGICALDISK_X_FREEMB
  • DEVICE_LOGICALDISK_X_NAME
  • DEVICE_LOGICALDISK_X_VENDOR_ID
  • DEVICE_LOGICALDISK_X_PRODUCT_ID
  • DEVICE_LOGICALDISK_X_SERIALNUMBER
  • DEVICE_LOGICALDISK_X_BUSTYPE
  • DEVICE_LOGICALDISK_X_ENCRYPTED
  • DEVICE_LOGICALDISK_X_FREE
  • DEVICE_LOGICALDISK_X_SYSTEM

Policy setting: Filter device MACOS iCloud, security, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_MACOS_ICLOUD_ACCOUNT
  • DEVICE_MACOS_SYSTEMINTEGRITYPROTECTION
  • DEVICE_MACOS_SECUREVIRTUALMEMORY
  • DEVICE_MACOS_GATEKEEPER

Policy setting: Filter device MACOS FIREWALL enabled, stealth mode, inbound rules, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_MACOSFIREWALL_ENABLED
  • DEVICE_MACOSFIREWALL_VERSION
  • DEVICE_MACOSFIREWALL_STEALTHMODE
  • DEVICE_MACOSFIREWALL_BLOCKALLINBOUND
  • DEVICE_MACOSFIREWALL_ALLOWSIGNEDINBOUND
  • DEVICE_MACOSFIREWALL_ALLOWSIGNEDDOWNLOADINBOUND
  • DEVICE_MACOSFIREWALL_INBOUNDRULES_PROGRAMS
  • DEVICE_MACOSFIREWALL_INBOUNDRULES_SERVICES
  • DEVICE_MACOSFIREWALL_INBOUNDRULES_EXCEPTIONS

Policy setting: Filter device MACOS UPDATE enabled, version, updates, auto install, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_MACOSUPDATE_ENABLED
  • DEVICE_MACOSUPDATE_VERSION
  • DEVICE_MACOSUPDATE_LASTSEARCH
  • DEVICE_MACOSUPDATE_UPDATE_COUNT
  • DEVICE_MACOSUPDATE_UPDATE_X_NAME
  • DEVICE_MACOSUPDATE_UPDATE_X_PRODUCTKEY
  • DEVICE_MACOSUPDATE_UPDATE_X_VERSION
  • DEVICE_MACOSUPDATE_IGNOREDUPDATE
  • DEVICE_MACOSUPDATE_AUTO_CHECK
  • DEVICE_MACOSUPDATE_AUTO_DOWNLOAD
  • DEVICE_MACOSUPDATE_AUTO_INSTALL_MACOS
  • DEVICE_MACOSUPDATE_AUTO_INSTALL_APPSTORE
  • DEVICE_MACOSUPDATE_AUTO_INSTALL_SECURITY
  • DEVICE_MACOSUPDATE_AUTO_INSTALL_DATA

Policy setting: Filter device MAPPED DRIVE local, remote, user, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_MAPPEDDRIVE_COUNT
  • DEVICE_MAPPEDDRIVE_X_DRIVE
  • DEVICE_MAPPEDDRIVE_X_SERVER
  • DEVICE_MAPPEDDRIVE_X_SHARE
  • DEVICE_MAPPEDDRIVE_X_HIDDEN
  • DEVICE_MAPPEDDRIVE_X_USER
  • DEVICE_MAPPEDDRIVE_X_PROVIDER

Policy setting: Filter device NAME, id, dns, sid, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_NAME
  • DEVICE_NAME_DNS
  • DEVICE_NAME_DN
  • DEVICE_ID
  • DEVICE_NAME_SID

Policy setting: Filter device NETWORK ipv4, ipv6, mac, dns, wifi, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_NETWORK_COUNT
  • DEVICE_NETWORK_X_STATUS
  • DEVICE_NETWORK_X_NAME
  • DEVICE_NETWORK_X_DESCRIPTION
  • DEVICE_NETWORK_X_TYPE
  • DEVICE_NETWORK_X_MAC
  • DEVICE_NETWORK_X_DNS
  • DEVICE_NETWORK_X_DNS_SUFFIX
  • DEVICE_NETWORK_X_GATEWAY
  • DEVICE_NETWORK_X_GATEWAY_MAC
  • DEVICE_NETWORK_X_WINS
  • DEVICE_NETWORK_X_SPEED
  • DEVICE_NETWORK_X_DHCP_ENABLED
  • DEVICE_NETWORK_X_DHCP_SERVER
  • DEVICE_NETWORK_X_DHCP_LEASE
  • DEVICE_NETWORK_X_DHCP_EXPIRES
  • DEVICE_NETWORK_X_WIFI_SSID
  • DEVICE_NETWORK_X_WIFI_BSSID
  • DEVICE_NETWORK_X_WIFI_STRENGTH
  • DEVICE_NETWORK_X_WIFI_SECURITY
  • DEVICE_NETWORK_X_CATEGORY
  • DEVICE_NETWORK_X_VIRTUAL
  • DEVICE_NETWORK_X_IPV4
  • DEVICE_NETWORK_X_IPV6
  • DEVICE_NETWORK_X_IPV4_SUBNET
  • DEVICE_NETWORK_X_IPV6_SUBNET

Policy setting: Filter device OS name, version, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_OS_NAME
  • DEVICE_OS_DESCRIPTION
  • DEVICE_OS_VERSION
  • DEVICE_OS_TYPE
  • DEVICE_OS_PLATFORM
  • DEVICE_OS_ID
  • DEVICE_OS_MANAGEMENT_SERVER
  • DEVICE_OS_RELEASE
  • DEVICE_OS_STARTUPTIME

Policy setting: Filter device PASSWORD POLICY min and max age, length, history, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_POLICY_PASSWORD_MINAGE
  • DEVICE_POLICY_PASSWORD_MAXAGE
  • DEVICE_POLICY_PASSWORD_FORCELOGOFF
  • DEVICE_POLICY_PASSWORD_MINLENGTH
  • DEVICE_POLICY_PASSWORD_HISTORY

Policy setting: Filter device POWER ac, battery, scheme

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_POWER_AC
  • DEVICE_POWER_BATTERY
  • DEVICE_POWER_SCHEME

Policy setting: Filter device PRINTER name, share, port, driver, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_PRINTER_COUNT
  • DEVICE_PRINTER_X_NAME
  • DEVICE_PRINTER_X_SERVER
  • DEVICE_PRINTER_X_DEFAULT
  • DEVICE_PRINTER_X_LOCAL
  • DEVICE_PRINTER_X_SHARE
  • DEVICE_PRINTER_X_PORT
  • DEVICE_PRINTER_X_LOCATION
  • DEVICE_PRINTER_X_DIRECTORY_PUBLISHED
  • DEVICE_PRINTER_X_KEEP_PRINT_JOBS
  • DEVICE_PRINTER_X_ERRORS
  • DEVICE_PRINTER_X_DRIVER
  • DEVICE_PRINTER_X_DRIVER_FILE
  • DEVICE_PRINTER_X_DRIVER_MANUFACTURER
  • DEVICE_PRINTER_X_DRIVER_VERSION

Policy setting: Filter device REGION time zone, language, locale, keyboard, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_REGION_TIMEZONE_OFFSET
  • DEVICE_REGION_LANGUAGE
  • DEVICE_REGION_LOCALE
  • DEVICE_REGION_KEYBOARD_LANGUAGE
  • DEVICE_REGION_KEYBOARD_LOCALE

Policy setting: Filter device REMOTE CONTROL active, protocol, remote ip etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_REMOTECONTROL_ACTIVE
  • DEVICE_REMOTECONTROL_PROTOCOL
  • DEVICE_REMOTECONTROL_REMOTE_IP
  • DEVICE_REMOTECONTROL_REMOTE_NAME
  • DEVICE_REMOTECONTROL_REMOTE_PLATFORM
  • DEVICE_REMOTECONTROL_REMOTE_VERSION
  • DEVICE_REMOTECONTROL_REMOTE_INSTALLPATH

Policy setting: Filter device REMOTING CLIENT runtime, version, outbound network, plugins, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_REMOTINGCLIENT_RUNTIME
  • DEVICE_REMOTINGCLIENT_VERSION
  • DEVICE_REMOTINGCLIENT_OUTBOUND_ADDRESS
  • DEVICE_REMOTINGCLIENT_OUTBOUND_DNS
  • DEVICE_REMOTINGCLIENT_PLUGINS_SKYPE
  • DEVICE_REMOTINGCLIENT_PLUGINS_SKYPE_VERSION

Policy setting: Filter device SCREEN SAVER enabled, secure, timeout and filename

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_SCREENSAVER_ENABLED
  • DEVICE_SCREENSAVER_SECURE
  • DEVICE_SCREENSAVER_TIMEOUT
  • DEVICE_SCREENSAVER_FILENAME

Policy setting: Filter device SECURITY PRODUCT antispyware, antivirus, firewall, name, status, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_SECURITYPRODUCT_COUNT
  • DEVICE_SECURITYPRODUCT_X_NAME
  • DEVICE_SECURITYPRODUCT_X_CATEGORY
  • DEVICE_SECURITYPRODUCT_X_STATUS
  • DEVICE_SECURITYPRODUCT_X_TIMESTAMP

Policy setting: Filter device SMARTCARDREADER name

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_SMARTCARDREADER_COUNT
  • DEVICE_SMARTCARDREADER_X_NAME

Policy setting: Filter device USER name, domain, local admin, auth, password age, groups, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_USER_NAME
  • DEVICE_USER_NAME_DOMAIN
  • DEVICE_USER_NAME_DOMAIN_DNS
  • DEVICE_USER_NAME_DN
  • DEVICE_USER_SID
  • DEVICE_USER_AUTH
  • DEVICE_USER_LOCALADMIN
  • DEVICE_USER_DOMAINLOGON
  • DEVICE_USER_CACHEDCREDENTIALS
  • DEVICE_USER_PASSWORD_AGE
  • DEVICE_USER_PASSWORD_AUTOLOGON
  • DEVICE_USER_AUTH_PROVIDER
  • DEVICE_USER_AUTH_PRINCIPAL
  • DEVICE_USER_GROUPS
  • DEVICE_USER_ATTRIBUTE_COUNT
  • DEVICE_USER_ATTRIBUTE_X_NAME
  • DEVICE_USER_ATTRIBUTE_X_VALUE

Policy setting: Filter device WHOIS ip, dns, isp and country

Enables or disables whois properties within the virtual session.

Whois properties are subject to the policies within the deviceTRUST\Properties\Whois folder.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_WHOIS_IP
  • DEVICE_WHOIS_DNS
  • DEVICE_WHOIS_ISP
  • DEVICE_WHOIS_COUNTRY

Policy setting: Filter device WINDOWS user access control, smartscreen

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_WINDOWS_SMARTSCREEN_EXPLORER
  • DEVICE_WINDOWS_SMARTSCREEN_EDGE
  • DEVICE_WINDOWS_SMARTSCREEN_STORE
  • DEVICE_WINDOWS_UAC_ENABLED
  • DEVICE_WINDOWS_UAC_POLICY

Policy setting: Filter device WINDOWS DEFENDER status, last scan, versions, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_WINDOWSDEFENDER_STATUS
  • DEVICE_WINDOWSDEFENDER_LASTQUICKSCAN
  • DEVICE_WINDOWSDEFENDER_LASTFULLSCAN
  • DEVICE_WINDOWSDEFENDER_SIGNATURETHREATS
  • DEVICE_WINDOWSDEFENDER_BEHAVIORTHREATS
  • DEVICE_WINDOWSDEFENDER_VERSION_ENGINE
  • DEVICE_WINDOWSDEFENDER_VERSION_ANTIMALWARE
  • DEVICE_WINDOWSDEFENDER_VERSION_ANTIVIRUS
  • DEVICE_WINDOWSDEFENDER_VERSION_ANTISPYWARE
  • DEVICE_WINDOWSDEFENDER_VERSION_NETWORKENGINE
  • DEVICE_WINDOWSDEFENDER_VERSION_NETWORKDEFINITION
  • DEVICE_WINDOWSDEFENDER_REALTIMEPROTECTION
  • DEVICE_WINDOWSDEFENDER_TAMPERPROTECTION
  • DEVICE_WINDOWSDEFENDER_CLOUDPROTECTION
  • DEVICE_WINDOWSDEFENDER_SAMPLESUBMISSION
  • DEVICE_WINDOWSDEFENDER_CONTROLLEDFOLDERACCESS
  • DEVICE_WINDOWSDEFENDER_EXCLUSIONS_PATHS
  • DEVICE_WINDOWSDEFENDER_EXCLUSIONS_EXTENSIONS
  • DEVICE_WINDOWSDEFENDER_EXCLUSIONS_PROCESSES

Policy setting: Filter device WINDOWS FIREWALL profile settings, rules, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_NAME
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_DISABLED
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_BLOCKALLINBOUND
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_INBOUNDALLOWED
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_OUTBOUNDALLOWED
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_DISABLEDNOTIFICATIONS
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_RESPONDTOMULTICAST
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_PROGRAMS
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_PACKAGES
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_SERVICES
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_SYSTEM
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_ANY
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_PROGRAMS
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_PACKAGES
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_SERVICES
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_SYSTEM
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_ANY

Policy setting: Filter device WINDOWS REGISTRY count, path, value and data

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_WINDOWSREGISTRY_COUNT
  • DEVICE_WINDOWSREGISTRY_X_PATH
  • DEVICE_WINDOWSREGISTRY_X_VALUE
  • DEVICE_WINDOWSREGISTRY_X_DATA

Policy setting: Filter device WINDOWS UPDATE status, last install, pending updates, etc

Enables or disables device properties within the virtual session.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • DEVICE_WINDOWSUPDATE_ENABLED
  • DEVICE_WINDOWSUPDATE_VERSION
  • DEVICE_WINDOWSUPDATE_REBOOTREQUIRED
  • DEVICE_WINDOWSUPDATE_NOTIFICATIONLEVEL
  • DEVICE_WINDOWSUPDATE_LASTSEARCH
  • DEVICE_WINDOWSUPDATE_LASTINSTALL
  • DEVICE_WINDOWSUPDATE_DEFINITION
  • DEVICE_WINDOWSUPDATE_CRITICAL
  • DEVICE_WINDOWSUPDATE_SECURITY
  • DEVICE_WINDOWSUPDATE_ROLLUP
  • DEVICE_WINDOWSUPDATE_SERVICEPACK
  • DEVICE_WINDOWSUPDATE_UPDATE
  • DEVICE_WINDOWSUPDATE_DEFINITION_RELEASEDATE
  • DEVICE_WINDOWSUPDATE_CRITICAL_RELEASEDATE
  • DEVICE_WINDOWSUPDATE_SECURITY_RELEASEDATE
  • DEVICE_WINDOWSUPDATE_ROLLUP_RELEASEDATE
  • DEVICE_WINDOWSUPDATE_SERVICEPACK_RELEASEDATE
  • DEVICE_WINDOWSUPDATE_UPDATE_RELEASEDATE