deviceTRUST 19.2 is now available and includes the new macOS Client and an updated iOS Client. See the release notes for more information.

Policy category: Device Filter

  1. Policy setting: Query to include device ACCESS POINTS
  2. Policy setting: Query to include device CERTIFICATES
  3. Policy setting: Query to include device CUSTOM from Windows Registry
  4. Policy setting: Query to include device DISPLAYS
  5. Policy setting: Query to include device LOGICAL DISKS
  6. Policy setting: Query to include device MAPPED DRIVES
  7. Policy setting: Query to include device NETWORKS
  8. Policy setting: Query to include device PRINTERS
  9. Policy setting: Query to include device USER GROUPS
  10. Policy setting: Query to exclude device WINDOWS FIREWALL rules
  11. Policy setting: Filter device ACCESS POINT ssid, bssid, speed, quality, etc
  12. Policy setting: Filter device CARRIER name, network, country
  13. Policy setting: Filter device CERTIFICATE store, name, issuer, subject, etc
  14. Policy setting: Filter device CUSTOM path, name, value
  15. Policy setting: Filter device DEVICETRUST version number
  16. Policy setting: Filter device DISPLAY capabilities
  17. Policy setting: Filter device DOMAIN, name, dns, sid, etc
  18. Policy setting: Filter device ELUX hostid, scout name, ip, version, certificate
  19. Policy setting: Filter device HARDWARE vendor, model, cpu, memory, bios, etc
  20. Policy setting: Filter device IGEL structure tag, servers, certificates, etc
  21. Policy setting: Filter device INPUT keyboard, mouse, pen and touch
  22. Policy setting: Filter device IOS passcode, biometrics, jailbroken
  23. Policy setting: Filter device LOCATION latitude, longitude, address, etc
  24. Policy setting: Filter device LOGICAL DISK type, label, file system, free space, vendor, product, etc
  25. Policy setting: Filter device MACOS iCloud, security, etc
  26. Policy setting: Filter device MACOS FIREWALL enabled, stealth mode, inbound rules, etc
  27. Policy setting: Filter device MAPPED DRIVE local, remote, user, etc
  28. Policy setting: Filter device NAME, id, dns, sid, etc
  29. Policy setting: Filter device NETWORK ip, mac, dns, wifi, etc
  30. Policy setting: Filter device OS name, version, etc
  31. Policy setting: Filter device PASSWORD POLICY min and max age, length, history, etc
  32. Policy setting: Filter device POWER ac, battery, scheme
  33. Policy setting: Filter device PRINTER name, share, port, driver, etc
  34. Policy setting: Filter device REGION time zone, language, locale, keyboard, etc
  35. Policy setting: Filter device REMOTE CONTROL active, protocol, remote ip etc
  36. Policy setting: Filter device REMOTING CLIENT runtime, version, outbound network, plugins, etc
  37. Policy setting: Filter device SCREEN SAVER enabled, secure, timeout and filename
  38. Policy setting: Filter device SECURITY PRODUCT antivirus, antispyware, firewall
  39. Policy setting: Filter device SMARTCARDREADER name
  40. Policy setting: Filter device USER name, domain, local admin, auth, password age, groups, etc
  41. Policy setting: Filter device WHOIS ip, dns, isp and country
  42. Policy setting: Filter device WINDOWS windows update, uac, internet settings
  43. Policy setting: Filter device WINDOWS DEFENDER status, last scan, versions, etc
  44. Policy setting: Filter device WINDOWS FIREWALL profile settings, rules, etc
  45. Policy setting: Filter device WINDOWS UPDATE status, last install, pending updates, etc

Policy setting: Query to include device ACCESS POINTS

Defines queries which can be used to discover access points on the remote connected device.

Access points are included within the properties if they match all of the constraints within any of the queries.

The maximum number of access points is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for SSID and BSSID.
  • Number constraints for Strength, Quality and Frequency.
  • Boolean constraint for Secure.

For example:

  • SSID=’*’ - Queries all access points.
  • SSID=’*’, Secure=’true’ - Queries all secure access points.
  • SSID=’MyNetwork-*’, Strength>=’-50’ - Queries all access points with an SSID beginning with ‘MyNetwork-‘ and with an RSSI signal strength greater than or equal to ‘-50’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value does not return any access points.

Policy setting: Query to include device CERTIFICATES

Defines one or more queries which can be used to find private certificates on the remote connected device.

Certificates are included within the properties if they match all of the constraints within any of the queries.

The maximum number of certificates is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Store, Name, Subject, Issuer, SignatureAlgorithm, SerialNumber, ThumbprintSha256, Template, ExtendedUsage, RootName and RootThumbprintSha256.
  • Enum constraint for Location with values CurrentUser and LocalMachine.
  • Enum constraint for Version with values V1, V2 and V3.
  • Enum constraint for VerificationError with values None, CannotBeVerified, Revoked, UntrustedRoot, UntrustedTestRoot, Chaining, Expired, Critical and NoRevocationCheck.
  • Enum constraint for Usage with values EncipherOnly, CrlSigning, CertificateSigning, KeyAgreement, DataEncipherment, KeyEncipherment, NonReduiation, DigitalSignature and DecipherOnly.
  • Date constraints for NotBefore and NotAfter.

For example:

  • Template=’CompanyCert’, ExtendedUsage=’1.3.6.1.5.5.7.3.2’ - All certificates assigned by a template containing the name ‘CompanyCert’ for use with client authentication.
  • VerificationError=’*’ - All certificates, regardless of their verification errors.
  • VerificationError=’None;Expired’, Issuer=’TrustedAuthority’ - All valid or expired certificates whose issuer contains the text ‘TrustedAuthority’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value is “Store=’My’, Location=’CurrentUser’, VerificationError=’None’”. Store defaults to ‘My’ unless specified. Location defaults to ‘CurrentUser’ unless specified. VerificationError defaults to ‘None’ unless specified.

Policy setting: Query to include device CUSTOM from Windows Registry

Defines one or more queries which can be used to include Custom properties from the Windows Registry of the remote connected device.

Custom properties are included from the Windows Registry if they match all of the constraints within any of the queries.

Available inputs include:

  • Text input for Key and Name.
  • Enum input for Type with values REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ, REG_BINARY, REG_DWORD, REG_QWORD. When supplied, filters the values that match the type.
  • Boolean input for Redirect32. When true and the properties are read from a 32-bit process on a 64-bit platform, will redirect to the virtualized registry.
  • Boolean input for Redirect64. When true and the properties are read from a 64-bit process, will redirect to the virtualized registry.

For example:

  • Key=’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion’, Name=’ProductId’

Both Key and Value inputs are required. On a 64-bit platform when no redirection is specified, an attempt is made to read from the native registry key before falling back to the virtualized registry key.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value does not include any Windows Registry values.

Policy setting: Query to include device DISPLAYS

Defines queries which can be used to discover displays on the remote connected device.

Displays are included within the properties if they match all of the constraints within any of the queries.

The maximum number of displays is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraint for MonitorVendor, MonitorProduct, MonitorSerialNumber, AdapterVendor, AdapterProduct.
  • Number constraints for Width, Height and Bpp.
  • Boolean constraints for MonitorExternal.

For example:

  • Width>=’1024’, Height>=’768’ - Queries all displays which have a width greater than or equal to 1024 pixels, and a height greater than or equal to 768.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default query includes all displays.

Policy setting: Query to include device LOGICAL DISKS

Defines one or more queries which can be used to find logical disks on the remote connected device.

Logical disks are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Enum constraints for Type with values Removable, Fixed, Cdrom and Ramdisk.
  • Enum constraints for Flags with values NotReady, PreservedNames, CaseSensitiveSearch, DaxVolume, SupportsCompression, NamedStreams, PersistentAcls, ReadOnly, SequentialWriteOnce, SupportsEncryption, ExtendedAttributes, HardLinks, ObjectIds, OpenByFileId, ReparsePoints, SparseFiles, Transactions, UsnJournal, UnicodeFileNames, IsCompressed, SupportsQuotas.
  • Enum constraints for BusType with values SCSI, ATAPI, ATA, IEEE1394, SSA, FibreChannel, USB, RAID, iSCSI, SAS, SATA, SecureDigital, MultimediaCard, Virtual, FileBackedVirtual, StorageSpaces and NVMe.
  • Text constraints for Label, FileSystem, Drive, Path, Name and SerialNumber.
  • Number constraints for TotalMB, FreeMb, VendorId and ProductId.

For example:

  • Drive=’D:,E:,F:,G:’ - Returns any drive mapped to letters D, E, F or G.
  • Type=’Removable’ - Returns only removable disks.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value returns all ready logical disks represented by a path (e.g. Flags!=’NotReady’, Path!=’’).

Policy setting: Query to include device MAPPED DRIVES

Defines one or more queries which can be used to find mapped drives on the remote connected device.

Mapped drives are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Text constraints for Drive, Server, Share, User and Provider.

For example:

  • Drive=’D:’ - Returns any drives mapped to a local D:.
  • User=’DOMAIN*’ - Returns any mapped drives authenticated by a member of the ‘DOMAIN’ domain.
  • Server=’\SERVERNAME’ - Returns any mapped drives using a remote server name of ‘\SERVERNAME’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value returns all mapped drives.

Policy setting: Query to include device NETWORKS

Defines queries which can be used to discover networks on the remote connected device.

Networks are included within the properties if they match all of the constraints within any of the queries.

The maximum number of networks is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Name, Description, Mac, GatewayMac, WifiSsid, WifiBssid, WifiSecurity and DnsSuffix.
  • Enum constraint for Status with values Up, Down, Testing, Unknown, Dormant, NotPresent and LowerLayerDown.
  • Enum constraint for Type with values Other, Ethernet, PPP, ATM, WiFi, Tunnel, Firewire and Mobile.
  • Boolean constraint for DhcpEnabled.
  • Number constraints for Speed and WifiStrength.
  • IpAddress constraints for IP, Gateway, DNS, WINS and DhcpServer.

For example:

  • DhcpEnabled=’true’, DhcpServer=’192.168.100.1-2’, GatewayMac=’01-02-03-04-05-06-07’ - Matches networks assigned an ip from a DHCP Server of address 192.168.100.1 or 192.168.100.2 configured with a gateway using MAC address 01-02-03-04-05-06-07.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value is “Status=’Up’”. Status defaults to ‘Up’ unless specified.

Policy setting: Query to include device PRINTERS

Defines one or more queries which can be used to find printers on the remote connected device.

Printers are included within the properties if they match all of the constraints within any of the queries.

The maximum number of printers is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Name, Server, Share, Port, Location, Driver, DriverFile and DriverManufacturer.
  • Boolean constraints for Default, Local, DirectoryPublished and KeepPrintJobs.
  • Enum constraint for Errors with values Paused, Error, PendingDeletion, PaperJam, PaperOut, PaperProblem, Offline, OutputBinFull, NotAvailable, TonerLow, NoToner, CannotPrintPage, UserIntervention, OutOfMemory, DoorOpen, ServerUnknown, ServerOffline and DriverUpdateNeeded.
  • Version constraint for DriverVersion.

For example:

  • Default=’true’ - Returns just the default printer.
  • Share=’\SERVER??*’, Errors=’*’ - Returns printers which have a share matching the wildcard ‘\SERVER??*’ regardless of the error value.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value is “Errors!=’Offline;ServerOffline;NotAvailable’”. Errors defaults to all values except ‘Offline;ServerOffline;NotAvailable’ unless specified.

Policy setting: Query to include device USER GROUPS

Defines one or more security groups to potentially include within the device user groups property.

Security groups are included within the user groups property if the logged in user is a member of the security group.

Security groups can be supplied in the format DOMAIN\SecurityGroupName, where DOMAIN is either the SAM compatible domain, or the DNS domain name.

The default value does not include any security groups.

Policy setting: Query to exclude device WINDOWS FIREWALL rules

Defines one or more queries which can be used to exclude inbound and outbound Windows Firewall rules on the remote connected device.

Firewall rules are excluded from the properties if they match all of the constraints within any of the queries.

Firewall rules must be enabled, allowed and assigned to an active profile to be included within the results.

Available constraints include:

  • Text constraints for Name, Description, Group, Program, Service, Package, PackageName, PackageDescription, PackageFullName and PortName.
  • Enum constraint for Type with values Program, Package, Service, System and Any.
  • Enum constraint for Direction with values Inbound and Outbound.
  • Enum constraints for Protocol with values Any, HOPOPT, ICMPv4, IGMP, TCP, UDP, IPv6 IPv6Route, IPv6Frag, GRE, ICMPv6, IPv6NoNxt, IPv6Opts, VRRP, PGM, L2TP, or any protocol number from http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml.
  • Enum constraints for Profile with values Domain, Private, Public.
  • Number constraint for Port, with additional option to use * to match rules that target any port.

For example:

  • Direction=’Inbound’, Program=’*\MyApp.exe’, Port>=3000, Port<=3002 - Excludes all inbound traffic to MyApp.exe to ports 3000, 3001 and 3002.

For full details, please see deviceTRUST Property Queries within the deviceTRUST Administration Guide.

The default value does not filter the Firewall rules.

Policy setting: Filter device ACCESS POINT ssid, bssid, speed, quality, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_ACCESSPOINT_COUNT
  • DEVICE_ACCESSPOINT_X_SSID
  • DEVICE_ACCESSPOINT_X_BSSID
  • DEVICE_ACCESSPOINT_X_STRENGTH
  • DEVICE_ACCESSPOINT_X_QUALITY
  • DEVICE_ACCESSPOINT_X_FREQUENCY
  • DEVICE_ACCESSPOINT_X_SECURE

Policy setting: Filter device CARRIER name, network, country

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_CARRIER_NAME
  • DEVICE_CARRIER_COUNTRY_NAME
  • DEVICE_CARRIER_COUNTRY_CODE
  • DEVICE_CARRIER_NETWORK_NAME
  • DEVICE_CARRIER_NETWORK_CODE

Policy setting: Filter device CERTIFICATE store, name, issuer, subject, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_CERTIFICATE_COUNT
  • DEVICE_CERTIFICATE_X_STORE
  • DEVICE_CERTIFICATE_X_LOCATION
  • DEVICE_CERTIFICATE_X_VERSION
  • DEVICE_CERTIFICATE_X_NAME
  • DEVICE_CERTIFICATE_X_SUBJECT
  • DEVICE_CERTIFICATE_X_ISSUER
  • DEVICE_CERTIFICATE_X_SIGNATUREALGORITHM
  • DEVICE_CERTIFICATE_X_SERIALNUMBER
  • DEVICE_CERTIFICATE_X_THUMBPRINT_SHA256
  • DEVICE_CERTIFICATE_X_TEMPLATE
  • DEVICE_CERTIFICATE_X_NOTBEFORE
  • DEVICE_CERTIFICATE_X_NOTAFTER
  • DEVICE_CERTIFICATE_X_USAGE
  • DEVICE_CERTIFICATE_X_EXTENDEDUSAGE
  • DEVICE_CERTIFICATE_X_VERIFICATIONERROR
  • DEVICE_CERTIFICATE_X_ROOT_NAME
  • DEVICE_CERTIFICATE_X_ROOT_THUMBPRINT_SHA256

Policy setting: Filter device CUSTOM path, name, value

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_CUSTOM_COUNT
  • DEVICE_CUSTOM_X_PATH
  • DEVICE_CUSTOM_X_NAME
  • DEVICE_CUSTOM_X_VALUE

Policy setting: Filter device DEVICETRUST version number

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_DEVICETRUST_VERSION

Policy setting: Filter device DISPLAY capabilities

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_DISPLAY_COUNT
  • DEVICE_DISPLAY_X_NAME
  • DEVICE_DISPLAY_X_WIDTH
  • DEVICE_DISPLAY_X_HEIGHT
  • DEVICE_DISPLAY_X_BPP
  • DEVICE_DISPLAY_X_DPI
  • DEVICE_DISPLAY_X_MONITOR_VENDOR
  • DEVICE_DISPLAY_X_MONITOR_PRODUCT
  • DEVICE_DISPLAY_X_MONITOR_SERIALNUMBER
  • DEVICE_DISPLAY_X_MONITOR_EXTERNAL
  • DEVICE_DISPLAY_X_ADAPTER_VENDOR
  • DEVICE_DISPLAY_X_ADAPTER_PRODUCT

Policy setting: Filter device DOMAIN, name, dns, sid, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_DOMAIN
  • DEVICE_DOMAIN_DNS
  • DEVICE_DOMAIN_SID
  • DEVICE_DOMAIN_JOINED

Policy setting: Filter device ELUX hostid, scout name, ip, version, certificate

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_ELUX_HOSTID
  • DEVICE_ELUX_INFO1
  • DEVICE_ELUX_INFO2
  • DEVICE_ELUX_INFO3
  • DEVICE_ELUX_OU_ID
  • DEVICE_ELUX_SCOUT_NAME
  • DEVICE_ELUX_SCOUT_IP
  • DEVICE_ELUX_SCOUT_VERSION
  • DEVICE_ELUX_SCOUT_CERTIFICATE_SERIALNUMBER
  • DEVICE_ELUX_SCOUT_CERTIFICATE_SUBJECT
  • DEVICE_ELUX_SCOUT_CERTIFICATE_THUMBPRINT_SHA256

Policy setting: Filter device HARDWARE vendor, model, cpu, memory, bios, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_HARDWARE_VENDOR
  • DEVICE_HARDWARE_MODEL
  • DEVICE_HARDWARE_CPU
  • DEVICE_HARDWARE_CPU_SPEED
  • DEVICE_HARDWARE_CPU_COUNT
  • DEVICE_HARDWARE_SYSTEMMEMORY
  • DEVICE_HARDWARE_BIOS_SERIAL
  • DEVICE_HARDWARE_BIOS_VERSION
  • DEVICE_HARDWARE_BIOS_RELEASEDATE
  • DEVICE_HARDWARE_VIRTUALIZATION
  • DEVICE_HARDWARE_SECUREBOOT
  • DEVICE_HARDWARE_ROLE
  • DEVICE_HARDWARE_LID

Policy setting: Filter device IGEL structure tag, servers, certificates, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_IGEL_STRUCTURETAG
  • DEVICE_IGEL_UMS_SERVER
  • DEVICE_IGEL_UMS_CERTIFICATE_SERIALNUMBER
  • DEVICE_IGEL_UMS_CERTIFICATE_SUBJECT
  • DEVICE_IGEL_UMS_CERTIFICATE_THUMBPRINT_SHA256
  • DEVICE_IGEL_ICG_SERVER
  • DEVICE_IGEL_ICG_CERTIFICATE_SERIALNUMBER
  • DEVICE_IGEL_ICG_CERTIFICATE_SUBJECT
  • DEVICE_IGEL_ICG_CERTIFICATE_THUMBPRINT_SHA256

Policy setting: Filter device INPUT keyboard, mouse, pen and touch

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_INPUT_KEYBOARD
  • DEVICE_INPUT_MOUSE
  • DEVICE_INPUT_PEN
  • DEVICE_INPUT_TOUCH

Policy setting: Filter device IOS passcode, biometrics, jailbroken

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_IOS_PASSCODE
  • DEVICE_IOS_BIOMETRICS
  • DEVICE_IOS_JAILBROKEN

Policy setting: Filter device LOCATION latitude, longitude, address, etc

Enables or disabled location properties within the virtual session.

Location properties require internet access, and are impacted by the ‘Limit internet dependent properties to specific users’ policy, and also policies within the deviceTRUST\Properties\Location folder.

The default behavior includes all properties. Available properties:

  • DEVICE_LOCATION_LATITUDE
  • DEVICE_LOCATION_LONGITUDE
  • DEVICE_LOCATION_ACCURACY
  • DEVICE_LOCATION_URL
  • DEVICE_LOCATION_COUNTRY_CODE
  • DEVICE_LOCATION_COUNTRY
  • DEVICE_LOCATION_POSTCODE
  • DEVICE_LOCATION_STATE
  • DEVICE_LOCATION_STATE_DISTRICT
  • DEVICE_LOCATION_COUNTY
  • DEVICE_LOCATION_TOWN
  • DEVICE_LOCATION_STREET
  • DEVICE_LOCATION_BUILDING

Policy setting: Filter device LOGICAL DISK type, label, file system, free space, vendor, product, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_LOGICALDISK_COUNT
  • DEVICE_LOGICALDISK_X_TYPE
  • DEVICE_LOGICALDISK_X_LABEL
  • DEVICE_LOGICALDISK_X_FLAGS
  • DEVICE_LOGICALDISK_X_HIDDEN
  • DEVICE_LOGICALDISK_X_FILESYSTEM
  • DEVICE_LOGICALDISK_X_DRIVE
  • DEVICE_LOGICALDISK_X_PATH
  • DEVICE_LOGICALDISK_X_TOTALMB
  • DEVICE_LOGICALDISK_X_FREEMB
  • DEVICE_LOGICALDISK_X_NAME
  • DEVICE_LOGICALDISK_X_VENDOR_ID
  • DEVICE_LOGICALDISK_X_PRODUCT_ID
  • DEVICE_LOGICALDISK_X_SERIALNUMBER
  • DEVICE_LOGICALDISK_X_BUSTYPE

Policy setting: Filter device MACOS iCloud, security, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_MACOS_ICLOUD_ACCOUNT
  • DEVICE_MACOS_SYSTEMINTEGRITYPROTECTION
  • DEVICE_MACOS_SECUREVIRTUALMEMORY
  • DEVICE_MACOS_GATEKEEPER

Policy setting: Filter device MACOS FIREWALL enabled, stealth mode, inbound rules, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_MACOSFIREWALL_ENABLED
  • DEVICE_MACOSFIREWALL_VERSION
  • DEVICE_MACOSFIREWALL_STEALTHMODE
  • DEVICE_MACOSFIREWALL_BLOCKALLINBOUND
  • DEVICE_MACOSFIREWALL_ALLOWSIGNEDINBOUND
  • DEVICE_MACOSFIREWALL_ALLOWSIGNEDDOWNLOADINBOUND
  • DEVICE_MACOSFIREWALL_INBOUNDRULES_PROGRAMS
  • DEVICE_MACOSFIREWALL_INBOUNDRULES_SERVICES
  • DEVICE_MACOSFIREWALL_INBOUNDRULES_EXCEPTIONS

Policy setting: Filter device MAPPED DRIVE local, remote, user, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_MAPPEDDRIVE_COUNT
  • DEVICE_MAPPEDDRIVE_X_DRIVE
  • DEVICE_MAPPEDDRIVE_X_SERVER
  • DEVICE_MAPPEDDRIVE_X_SHARE
  • DEVICE_MAPPEDDRIVE_X_HIDDEN
  • DEVICE_MAPPEDDRIVE_X_USER
  • DEVICE_MAPPEDDRIVE_X_PROVIDER

Policy setting: Filter device NAME, id, dns, sid, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_NAME
  • DEVICE_NAME_DNS
  • DEVICE_NAME_DN
  • DEVICE_ID
  • DEVICE_NAME_SID

Policy setting: Filter device NETWORK ip, mac, dns, wifi, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_NETWORK_COUNT
  • DEVICE_NETWORK_X_STATUS
  • DEVICE_NETWORK_X_NAME
  • DEVICE_NETWORK_X_DESCRIPTION
  • DEVICE_NETWORK_X_TYPE
  • DEVICE_NETWORK_X_MAC
  • DEVICE_NETWORK_X_IP
  • DEVICE_NETWORK_X_IPV4_ENABLED
  • DEVICE_NETWORK_X_IPV6_ENABLED
  • DEVICE_NETWORK_X_DNS
  • DEVICE_NETWORK_X_DNS_SUFFIX
  • DEVICE_NETWORK_X_GATEWAY
  • DEVICE_NETWORK_X_GATEWAY_MAC
  • DEVICE_NETWORK_X_WINS
  • DEVICE_NETWORK_X_SPEED
  • DEVICE_NETWORK_X_DHCP_ENABLED
  • DEVICE_NETWORK_X_DHCP_SERVER
  • DEVICE_NETWORK_X_DHCP_LEASE
  • DEVICE_NETWORK_X_DHCP_EXPIRES
  • DEVICE_NETWORK_X_WIFI_SSID
  • DEVICE_NETWORK_X_WIFI_BSSID
  • DEVICE_NETWORK_X_WIFI_STRENGTH
  • DEVICE_NETWORK_X_WIFI_SECURITY

Policy setting: Filter device OS name, version, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_OS_NAME
  • DEVICE_OS_DESCRIPTION
  • DEVICE_OS_VERSION
  • DEVICE_OS_TYPE
  • DEVICE_OS_PLATFORM
  • DEVICE_OS_ID
  • DEVICE_OS_MANAGEMENT_SERVER

Policy setting: Filter device PASSWORD POLICY min and max age, length, history, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_POLICY_PASSWORD_MINAGE
  • DEVICE_POLICY_PASSWORD_MAXAGE
  • DEVICE_POLICY_PASSWORD_FORCELOGOFF
  • DEVICE_POLICY_PASSWORD_MINLENGTH
  • DEVICE_POLICY_PASSWORD_HISTORY

Policy setting: Filter device POWER ac, battery, scheme

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_POWER_AC
  • DEVICE_POWER_BATTERY
  • DEVICE_POWER_SCHEME

Policy setting: Filter device PRINTER name, share, port, driver, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_PRINTER_COUNT
  • DEVICE_PRINTER_X_NAME
  • DEVICE_PRINTER_X_SERVER
  • DEVICE_PRINTER_X_DEFAULT
  • DEVICE_PRINTER_X_LOCAL
  • DEVICE_PRINTER_X_SHARE
  • DEVICE_PRINTER_X_PORT
  • DEVICE_PRINTER_X_LOCATION
  • DEVICE_PRINTER_X_DIRECTORY_PUBLISHED
  • DEVICE_PRINTER_X_KEEP_PRINT_JOBS
  • DEVICE_PRINTER_X_ERRORS
  • DEVICE_PRINTER_X_DRIVER
  • DEVICE_PRINTER_X_DRIVER_FILE
  • DEVICE_PRINTER_X_DRIVER_MANUFACTURER
  • DEVICE_PRINTER_X_DRIVER_VERSION

Policy setting: Filter device REGION time zone, language, locale, keyboard, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_REGION_TIMEZONE_OFFSET
  • DEVICE_REGION_LANGUAGE
  • DEVICE_REGION_LOCALE
  • DEVICE_REGION_KEYBOARD_LANGUAGE
  • DEVICE_REGION_KEYBOARD_LOCALE

Policy setting: Filter device REMOTE CONTROL active, protocol, remote ip etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_REMOTECONTROL_ACTIVE
  • DEVICE_REMOTECONTROL_PROTOCOL
  • DEVICE_REMOTECONTROL_REMOTE_IP
  • DEVICE_REMOTECONTROL_REMOTE_NAME
  • DEVICE_REMOTECONTROL_REMOTE_PLATFORM

Policy setting: Filter device REMOTING CLIENT runtime, version, outbound network, plugins, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_REMOTINGCLIENT_RUNTIME
  • DEVICE_REMOTINGCLIENT_VERSION
  • DEVICE_REMOTINGCLIENT_OUTBOUND_ADDRESS
  • DEVICE_REMOTINGCLIENT_OUTBOUND_DNS
  • DEVICE_REMOTINGCLIENT_PLUGINS_SKYPE
  • DEVICE_REMOTINGCLIENT_PLUGINS_SKYPE_VERSION

Policy setting: Filter device SCREEN SAVER enabled, secure, timeout and filename

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_SCREENSAVER_ENABLED
  • DEVICE_SCREENSAVER_SECURE
  • DEVICE_SCREENSAVER_TIMEOUT
  • DEVICE_SCREENSAVER_FILENAME

Policy setting: Filter device SECURITY PRODUCT antivirus, antispyware, firewall

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_SECURITYPRODUCT_ANTIVIRUS
  • DEVICE_SECURITYPRODUCT_ANTIVIRUS_NAME
  • DEVICE_SECURITYPRODUCT_ANTIVIRUS_TIMESTAMP
  • DEVICE_SECURITYPRODUCT_ANTISPYWARE
  • DEVICE_SECURITYPRODUCT_ANTISPYWARE_NAME
  • DEVICE_SECURITYPRODUCT_ANTISPYWARE_TIMESTAMP
  • DEVICE_SECURITYPRODUCT_FIREWALL
  • DEVICE_SECURITYPRODUCT_FIREWALL_NAME

Policy setting: Filter device SMARTCARDREADER name

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_SMARTCARDREADER_COUNT
  • DEVICE_SMARTCARDREADER_X_NAME

Policy setting: Filter device USER name, domain, local admin, auth, password age, groups, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_USER_NAME
  • DEVICE_USER_NAME_DOMAIN
  • DEVICE_USER_NAME_DOMAIN_DNS
  • DEVICE_USER_NAME_DN
  • DEVICE_USER_SID
  • DEVICE_USER_AUTH
  • DEVICE_USER_LOCALADMIN
  • DEVICE_USER_DOMAINLOGON
  • DEVICE_USER_CACHEDCREDENTIALS
  • DEVICE_USER_PASSWORD_AGE
  • DEVICE_USER_PASSWORD_AUTOLOGON
  • DEVICE_USER_AUTH_PROVIDER
  • DEVICE_USER_AUTH_PRINCIPAL
  • DEVICE_USER_GROUPS

Policy setting: Filter device WHOIS ip, dns, isp and country

Enables or disables whois properties within the virtual session.

Whois properties require internet access, and are impacted by the ‘Limit internet dependent properties to specific users’ policy, and also policies within the deviceTRUST\Properties\Whois folder.

The default behavior includes all properties. Available properties:

  • DEVICE_WHOIS_IP
  • DEVICE_WHOIS_DNS
  • DEVICE_WHOIS_ISP
  • DEVICE_WHOIS_COUNTRY

Policy setting: Filter device WINDOWS windows update, uac, internet settings

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_WINDOWS_SECURITY_WINDOWSUPDATE
  • DEVICE_WINDOWS_SECURITY_UAC
  • DEVICE_WINDOWS_SECURITY_INTERNETSETTINGS

Policy setting: Filter device WINDOWS DEFENDER status, last scan, versions, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_WINDOWSDEFENDER_STATUS
  • DEVICE_WINDOWSDEFENDER_LASTQUICKSCAN
  • DEVICE_WINDOWSDEFENDER_LASTFULLSCAN
  • DEVICE_WINDOWSDEFENDER_SIGNATURETHREATS
  • DEVICE_WINDOWSDEFENDER_BEHAVIORTHREATS
  • DEVICE_WINDOWSDEFENDER_VERSION_ENGINE
  • DEVICE_WINDOWSDEFENDER_VERSION_ANTIMALWARE
  • DEVICE_WINDOWSDEFENDER_VERSION_ANTIVIRUS
  • DEVICE_WINDOWSDEFENDER_VERSION_ANTISPYWARE
  • DEVICE_WINDOWSDEFENDER_VERSION_NETWORKENGINE
  • DEVICE_WINDOWSDEFENDER_VERSION_NETWORKDEFINITION

Policy setting: Filter device WINDOWS FIREWALL profile settings, rules, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_NAME
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_DISABLED
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_BLOCKALLINBOUND
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_INBOUNDALLOWED
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_OUTBOUNDALLOWED
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_DISABLEDNOTIFICATIONS
  • DEVICE_WINDOWSFIREWALL_ACTIVEPROFILES_RESPONDTOMULTICAST
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_PROGRAMS
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_PACKAGES
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_SERVICES
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_SYSTEM
  • DEVICE_WINDOWSFIREWALL_INBOUNDRULES_ANY
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_PROGRAMS
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_PACKAGES
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_SERVICES
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_SYSTEM
  • DEVICE_WINDOWSFIREWALL_OUTBOUNDRULES_ANY

Policy setting: Filter device WINDOWS UPDATE status, last install, pending updates, etc

Enables or disables device properties within the virtual session.

The default behavior includes all properties. Available properties:

  • DEVICE_WINDOWSUPDATE_ENABLED
  • DEVICE_WINDOWSUPDATE_VERSION
  • DEVICE_WINDOWSUPDATE_REBOOTREQUIRED
  • DEVICE_WINDOWSUPDATE_NOTIFICATIONLEVEL
  • DEVICE_WINDOWSUPDATE_LASTSEARCH
  • DEVICE_WINDOWSUPDATE_LASTINSTALL
  • DEVICE_WINDOWSUPDATE_PENDING_DEFINITION
  • DEVICE_WINDOWSUPDATE_PENDING_CRITICAL
  • DEVICE_WINDOWSUPDATE_PENDING_SECURITY
  • DEVICE_WINDOWSUPDATE_PENDING_ROLLUP
  • DEVICE_WINDOWSUPDATE_PENDING_SERVICEPACK
  • DEVICE_WINDOWSUPDATE_PENDING_UPDATE