Example: Configure whitelist for ClickShare Button via Local Group Policy Object (GPO) Windows Only

[KB11117]

Эта статья относится к следующим продуктам:

In some companies, the IT policy built into laptops prevents the use of ClickShare Button (i.e. USB port blocked). The button is not recognized by the operating system.

The process to remove the USB block so that the Clickshare button is recognized is unique to your company and will need to be customized, this is a general guideline.

It is stressed this is not a verbatim process, each company may have its unique process - the local group policy can be over-ridden by Active Directory Policy.

For a more detailed approach see:

https://docs.microsoft.com/en-us/windows/security/threat-protection/device-control/control-usb-devices-using-intune

Step-1:- Find the Button Hardware values needed to whitelist

a) Plug the Clickshare Button into a Laptop which with no USB Port Blocks.

b) Press ’’Window + R’’ Key will open RUN Command and Type ‘’ devmgmt.msc’’

 c) Get Clickshare Hardware Id Values from any of the Highlighted Locations.

d) The Clickshare Button Hardware value can be extracted.

 

 Step-2:- Block All USB Ports via GPO

Initially, you should block all USB devices not certified by the IT department

a) Right Click on desktop > Click on New > Click on Shortcut

b) Type ‘’gpedit.msc’’ > Press Next >Create Name of Shortcut as ‘’gpedit’’ and Finish.

c) Right-click the shortcut and select Run as Administrator.

 d) Click on ‘’Administrative Templates’’ > Click on ‘’System’’ > Click on ‘’Device Installation’’

>Open ‘’Device installation Restrictions’’ >Click on ‘’Prevent Installation of devices not described by other policy settings’’ New Dialogue Box Will Open.

 e) Click on ‘’Enabled’’, Apply the Settings and Press ‘’OK’’

 

 f) Now the policy must be activated.  Press ’’Window + R’’ Key will open RUN Command and Type ‘’ gpupdate /force /boot/logoff’’

 

 Step-3:- Finally we can Whitelist the Clickshare Button with GPO

Open Group Policy as before with Administrative rights (step 2b)

 a) Click on ‘’Administrative Templates’’ > Click on ‘’System’’ > Click on ‘’Device Installation’’

> Open ‘’Device installation Restrictions’’ > Click on ‘’Allow installation of devices that match any of these device IDs’’ New Dialogue Box Will Open.

 

  b) Add Clickshare white Values we discovered in step 1d

 

 c) Example  button Whitelist Values (Get yours from step 1d)

USB\VID_0600&PID_009F

USB\VID_0600&PID_009F&MI_04

USB\VID_0600&PID_009F&MI_00

USB\VID_0600&PID_009F&MI_03

USB\VID_0600&PID_009F&MI_01

USB\VID_0600&PID_009F&MI_02

Barco_ClickShare_0

MMDEVAPI\AudioEndpoints

USB\VID_0600&PID_009F&MI_04

USB\VID_0600&PID_009F&REV_0210&MI_04

d) Finally reload the group policy: Press ’’Window + R’’ Key will open RUN Command and Type ‘’ gpupdate /force /boot/logoff’’

 

SUMMARY:

The only USB device that will be recognized by the Windows OS is now the Clickshare button, no other USB devices will be recognized.

 

 Addendum:

The following information of Button needs to be whitelisted (this is a label on the button):

  • Buttons with article number R9861006D01 have VID_0600 and PID_0070
  • Buttons with article number R9861500D01 have VID_0600 and PID_009f 
  • Buttons with article number R9861600D01 have VID_0600 and PID_00CE

 

 

Свойства

[KB11117]

Последнее обновление Mar 16 2021

Была ли эта информация полезной?