Novell ZENworks Endpoint Security Management 3.5 Manuale Utente
ZENworks® ESM 3.5
Administrator’s Manual
111
Enable allows complete access to the communication port.
Disable denies all access to the communication port.
Note:
Wi-Fi Adapters are either controlled globally, or disabled locally using the Wi-Fi Security Controls.
Adapters may be specified by brand using the Approved Wireless Adapter list (see below).
Adapters may be specified by brand using the Approved Wireless Adapter list (see below).
Approved Dialup Adapters List
The ZSC can block all but specified, approved dialup adapters (modems) from connecting. For
example, an administrator can implement a policy which only allows a specific brand or type of
modem card. This reduces the support costs associated with employees' use of unsupported
hardware.
example, an administrator can implement a policy which only allows a specific brand or type of
modem card. This reduces the support costs associated with employees' use of unsupported
hardware.
Approved Wireless Adapters List
The ZSC can block all but specified, approved wireless adapter(s) from connecting. For example,
an administrator can implement a policy which only allows a specific brand or type of wireless
card. This reduces the support costs associated with employees' use of unsupported hardware, and
better enables support for, and enforcement of, IEEE standards-based security initiatives, as well
as LEAP, PEAP, WPA, TKIP, and others.
an administrator can implement a policy which only allows a specific brand or type of wireless
card. This reduces the support costs associated with employees' use of unsupported hardware, and
better enables support for, and enforcement of, IEEE standards-based security initiatives, as well
as LEAP, PEAP, WPA, TKIP, and others.
Using the AdapterAware™ Feature:
The ZENworks Security Client receives notification whenever a network device is installed in the
system and determines if the device is authorized or unauthorized. If it is unauthorized, the
solution will disable the device driver, which renders this new device unusable, and will notify the
user of the situation.
system and determines if the device is authorized or unauthorized. If it is unauthorized, the
solution will disable the device driver, which renders this new device unusable, and will notify the
user of the situation.
Note:
When a new unauthorized adapter (both Dial-up and Wireless) first installs its drivers on the endpoint (via
PCMCIA or USB), the adapter will show as enabled in Windows Device Manager until the system is re-
booted, though all network connectivity will be blocked.
PCMCIA or USB), the adapter will show as enabled in Windows Device Manager until the system is re-
booted, though all network connectivity will be blocked.
Enter the name of each adapter allowed. Partial adapter names are permitted. Adapter names are
limited to 50 characters and are case sensitive. The device name is needed by the Windows 2000
operating system to provide this functionality. If no adapters are entered, ALL adapters of the type
will be allowed. If only one adapter is entered, then only that single adapter will be allowed at this
location.
limited to 50 characters and are case sensitive. The device name is needed by the Windows 2000
operating system to provide this functionality. If no adapters are entered, ALL adapters of the type
will be allowed. If only one adapter is entered, then only that single adapter will be allowed at this
location.
Note:
If the endpoint is in a location that defines ONLY an AP's SSID as the network identification, the ZSC will
switch to that location BEFORE disabling the unauthorized adapter. A password override should be used
to provide a manual location switch if this occurs.
switch to that location BEFORE disabling the unauthorized adapter. A password override should be used
to provide a manual location switch if this occurs.