deviceTRUST Property Filters
deviceTRUST allows granular control of the properties which are collected either on the remote device or on the local machine. Each set of related properties is grouped together into a single filter policy in one of the following policy folders:
- COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES\DEVICE FILTER for remote device.
- COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES\HOST FILTER for local machine.
All DEVICE_* categories are enabled by default, resulting in them being read, communicated (for remote devices), made available on the host as environment variables or registry keys, and audited to the Windows Event Log.
Only the following HOST_* categories are enabled by default, resulting in them being read, and made available on the host as environment variables or registry keys, and audited to the Windows Event Log:
- REMOTE CONTROL
By disabling the filter policy, or by selectively disabling individual properties, the availability of each property can be limited as shown in the following table.
|Read from Local or Remote Machine||Communicated Remotely||Available on Host|
|Enabled by default policy||Yes||Yes||Yes|
The policy DEFINE PROPERTIES WHICH WILL NOT BE WRITTEN TO THE WINDOWS EVENT LOG, available within the COMPUTER CONFIGURATION\ADMINISTRATIVE TEMPLATES\DEVICETRUST\PROPERTIES policy folder can be used to provide an additional filter ensuring that the properties are available on the host, but never written to the Windows Event Log.