How To: Grant Temporary Access to Features Blocked by Endpoint Protection

Version 9

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.x



    When trying to perform certain tasks, a popup appears indicating the action is unauthorized.


    Device control: Unauthorized storage device detected.
    Generic volume


    a-device blocked.png




    LDMS Endpoint Security has disabled a feature that is trying to be accessed.

    Solution / Workaround

          Client Side


    • On the client machine, open the LANDESK Endpoint Security Interface.
      • From the system tray: double click the Shield icon for LANDESK Endpoint Security

    1-systray icon.png

      • From start menu: Start | Programs | LANDESK Management | LANDESK Endpoint Security

    2-start menu.png


      • From the executable: "C:\Program Files (x86)\LANDesk\LDClient\hips\VIGUARD.exe"


    • Within the LANDESK Endpoint Security interface, select the Status section.
    • In the Status field are the different options that can be modified temporarily.
    • Select the component, and set the configuration accordingly
      • Note: The Disabled value indicates that feature is not in use.
      • Example: To temporarily allow USB use on the machine, on the Device Control line, set the value from Blocking to Disabled.

           ===Please be aware of: when using the temporary password, the feature is disabled for 15 minutes (hard-coded), and will automatically revert to block mode after the timeout===





    • When the value is changed, a popup will appear. The popup will list a unique, random Operation code that must be provided for validation within the LDMS Console.
    Restricted operation
    Operation requires Administrator password:
    Operation code:


    4-code popup.png



         Console Side


    • Within the Console navigate to Tools | Security and Compliance | Agent Settings.


    5-agent settings.png


    • Click Configure Settings | Generate authorization code.


    6-generate code.png


    • The Authorization code generation screen appears.
    • Enter the Operation Codefrom the agent into the field 'Enter user's operation code:'
    • If the code is valid, anAuthorization code and Operation Type will be listed.
    • Provide the Authorization codeto the user to enter on the Agent.





        Client Side

    • Enter the Authorization Code generated on the Console, into the text field on the client, and press Ok.


    8-enter passcode.png


    • The configuration should now reflect 'Disabled' indicating that feature is not in use.


    Note: The authorization code is a one-time use only code.  It can be used one time for a specific operation and may not be used again.   If the client needs to perform a different operation a new operation code must be requested.   The authorization code action does not have a timeout.


    9-feature disabled.png


    Inaccurate pop-up message


    When a user is given access via an authorization code, a pop-up message on the end user device may indicate that HIPS has been disabled regardless of the actual action taken by the user. This message can be ignored.



    Related Information:

    Generate security authorization codes