Exempt a device from all policies

If you use role-based administration:

For more information, see Managing roles and sub-estates.

You can exempt a device from all policies, including the default one. That exception will then be added to all new policies you create.

You can exempt a device instance (“this device only”) or a specific device model (“all devices with this model ID”). Do not set multiple exemptions for the same device at both the model ID and device instance levels. If both are defined, the device instance level will take precedence.

To exempt a device from all device control policies:

  1. On the Events menu, click Device Control Events.
    The Device Control - Event Viewer dialog box appears.
  2. If you want to display only certain events, in the Search criteria pane, set the filters as appropriate and click Search to display the events.
    For more information, see View device control events.
  3. Select the entry for the device that you want to exempt from the policies, and then click Exempt Device.
    The Exempt device dialog box appears. Under Device details, you see the type, model, model ID and device ID of the device. Under Exemption details, Scope, you see the words “All policies.”
    Note: If there is no event for the device you want to exempt, for example, an integral CD or DVD drive on an endpoint computer, go to the computer containing the device and enable the device in the Device Manager. (To access Device Manager, right-click My Computer, click Manage, and then click Device Manager.) This will generate a new “block” event that will appear in the Device Control - Event Viewer dialog box. You can then exempt the device as described earlier in this step.
  4. Select whether you want to exempt this device only or all devices with this model ID.
  5. Select whether you want to allow full access or read-only access to the device.
  6. In the Comment field, enter a comment, if you wish. For example, you can specify who requested to exempt the device.
  7. Click OK.