Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=server-protection-peripheral-control

Server Peripheral Control Policy

Peripheral control lets you control access to peripherals and removable media. You can also exempt individual peripherals from that control.

Go to My Products > Server > Policies to control access.

To set up a policy, do as follows:

  • Create a Peripheral Control policy. See Create or Edit a Policy.
  • Open the policy's Settings tab and configure it as described below. Make sure the policy is turned on.

Manage Peripherals

In Manage Peripherals, select how you want to control peripherals:

  • Monitor but do not block (all peripherals will be allowed). If you select this, access to all peripherals is allowed, regardless of any settings below. All peripherals used will be detected but you cannot set access rules for them.
  • Control access by peripheral type and add exemptions. If you select this, you can go on to set access policies for peripheral types and for individual detected peripherals.

Set Access Policies

Set access policies in the table.

The table displays detected peripheral types, the number of each type detected, and the current access policy.

Note

The totals include all peripherals detected, whether on endpoint computers or servers. This makes it easier to set consistent policies for all devices.

Note

The MTP/PTP category includes devices such as phones, tablets, cameras, and media players that connect using the MTP or PTP protocols.

For each peripheral type, you can change the access policy:

  • Allow: Peripherals are not restricted in any way.
  • Block: Peripherals are not allowed at all.
  • Read Only: Peripherals can be accessed only for reading.

Note

The Bluetooth, Infrared, and Modem categories do not have the Read Only option.

Note

The Wireless category has a Block Bridged option. This prevents bridging of two networks.

Peripheral Exemptions

Click the Peripheral Exemptions fold-out if you want to exempt individual peripherals from the control settings, or apply less restrictive controls.

  1. Click Add Exemptions.

  2. In Add Peripheral Exemptions, you'll see a list of detected peripherals.

    Note

    Peripherals are detected when you are in monitoring mode or if there is an access restriction for that type of peripheral.

    Note

    This list shows all peripherals detected, whether on endpoint computers or servers. This makes it easier to set consistent exemptions for all devices.

  3. Select a peripheral.

  4. In the Policy column, you can optionally use the drop-down list to assign a specific access policy to an exempt peripheral.

    Note

    Do not set a stricter access policy for an individual peripheral than for its peripheral type. If you do, the setting for the individual policy is ignored and a warning icon is displayed beside it.

  5. In the Enforce By column, you can optionally use the drop-down menu to apply the policy to all peripherals of that model or to ones with the same ID (the list shows you the model and ID).

  6. Click Add Exemption(s).

Desktop Messaging

You can add a message to the end of the standard notification. If you leave the message box empty only the standard message is shown.

Desktop Messaging is on by default.

Note

If you switch off Desktop Messaging you will not see any notification messages related to Peripheral Control.

Click in the message box and enter the text you want to add.