How to change the password override key combination for Device Control

Version 6

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x



    In this article, I am going to show you how you can bypass the device control blocks on an end client using a simple or complex key combination of your choice. This can also be removed for security purposes as well.


    This is very useful for example if you want to install or you want your IT personnel to install or move data from device to device without having to go through what can become a lengthy procedure to allow your external devices, such as a USB or external hard drive.


    Information on this from the help site can be found here.




    The 'hotkey' is only useful if you have enabled the device control option in the first place. Otherwise, you can just go ahead and plug in your device and do what you need to do.


    The location of the customisable 'hotkey' can be found following these steps:


    1. In the Ivanti EPM console window navigate to Tools > Configuration > Agent settings
    2. Within the agent settings navigate to the Endpoint Security agent settings that you have applied to your end client machines: 'All Agent Settings' > 'Security' > 'Endpoint Security'
    3. Open up the settings you wish to configure:
    4. As you can see in the above screenshot this is the location of the area where you can customize the 'Device Control bypass hotkey:'
    5. Once changed the client will either update the agent settings on itself automatically during the next security scan or you can push out the settings manually by updating the Endpoint Security settings using the 'Change Settings' option:


    What to consider when changing the hotkey:


    • Make sure the hotkey you are going to use is not being used by another program. An end client is not going to appreciate it if you accidentally close their application that they have been working on for hours.
    • Do you need a hotkey?  Having a hotkey has a security implication as it creates a hole in your network that your users can exploit. This will depend on the environment that you use it in. I would recommend that you either turn it off or make it more complex.

    If you delete the current keys, the above will show up and no combination will be able to bypass the block