deviceTRUST 19.3.200 is now available. See the release notes for more information.

deviceTRUST Property Filters

deviceTRUST allows granular control of the properties which are collected either on the remote device or on the local machine. Each set of related properties is grouped together into a single filter policy in one of the following policy folders:

  • COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES\DEVICE FILTER for remote device.
  • COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES\HOST FILTER for local machine.

All DEVICE_* categories are enabled by default, resulting in them being read, communicated (for remote devices), made available on the host as environment variables or registry keys, and audited to the Windows Event Log.

Only the following HOST_* categories are enabled by default, resulting in them being read, and made available on the host as environment variables or registry keys, and audited to the Windows Event Log:

  • DEVICETRUST
  • HARDWARE
  • NAME
  • NETWORK
  • OS
  • PERFORMANCE
  • REMOTE CONTROL
  • SESSION
  • USER
  • WHOIS

By disabling the filter policy, or by selectively disabling individual properties, the availability of each property can be limited as shown in the following table.

  Read from Local or Remote Machine Communicated Remotely Available on Host
Enabled by default policy Yes Yes Yes
Selectively disabled Yes No No
Policy disabled No No No

The policy DEFINE PROPERTIES WHICH WILL NOT BE WRITTEN TO THE WINDOWS EVENT LOG, available within the COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES policy folder can be used to provide an additional filter ensuring that the properties are available on the host, but never written to the Windows Event Log.