How To: Grant Temporary Access to Features Blocked by Endpoint Protection

Version 9

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    Issue

     

    When trying to perform certain tasks, a popup appears indicating the action is unauthorized.

     

    Device control: Unauthorized storage device detected.
    DEVICE CONTROL
    Generic volume
         

     

    a-device blocked.png

     

    Cause

     

    LDMS Endpoint Security has disabled a feature that is trying to be accessed.

    Solution / Workaround

          Client Side

     

    • On the client machine, open the LANDESK Endpoint Security Interface.
      • From the system tray: double click the Shield icon for LANDESK Endpoint Security

    1-systray icon.png

      • From start menu: Start | Programs | LANDESK Management | LANDESK Endpoint Security

    2-start menu.png

     

      • From the executable: "C:\Program Files (x86)\LANDesk\LDClient\hips\VIGUARD.exe"

     

    • Within the LANDESK Endpoint Security interface, select the Status section.
    • In the Status field are the different options that can be modified temporarily.
    • Select the component, and set the configuration accordingly
      • Note: The Disabled value indicates that feature is not in use.
      • Example: To temporarily allow USB use on the machine, on the Device Control line, set the value from Blocking to Disabled.

           ===Please be aware of: when using the temporary password, the feature is disabled for 15 minutes (hard-coded), and will automatically revert to block mode after the timeout===

     

     

    3-interface.png

     

    • When the value is changed, a popup will appear. The popup will list a unique, random Operation code that must be provided for validation within the LDMS Console.
    Restricted operation
    Operation requires Administrator password:
    Operation code:
         

     

    4-code popup.png

     

     

         Console Side

     

    • Within the Console navigate to Tools | Security and Compliance | Agent Settings.

     

    5-agent settings.png

     

    • Click Configure Settings | Generate authorization code.

     

    6-generate code.png

     

    • The Authorization code generation screen appears.
    • Enter the Operation Codefrom the agent into the field 'Enter user's operation code:'
    • If the code is valid, anAuthorization code and Operation Type will be listed.
    • Provide the Authorization codeto the user to enter on the Agent.

     

    7-result.png

     

     

        Client Side

    • Enter the Authorization Code generated on the Console, into the text field on the client, and press Ok.

     

    8-enter passcode.png

     

    • The configuration should now reflect 'Disabled' indicating that feature is not in use.

     

    Note: The authorization code is a one-time use only code.  It can be used one time for a specific operation and may not be used again.   If the client needs to perform a different operation a new operation code must be requested.   The authorization code action does not have a timeout.

     

    9-feature disabled.png

     


    CAUTION:
    Inaccurate pop-up message

     

    When a user is given access via an authorization code, a pop-up message on the end user device may indicate that HIPS has been disabled regardless of the actual action taken by the user. This message can be ignored.

     

     

    Related Information:

    Generate security authorization codes