Our company policy requires that we enable USB control and it's working well. However, there are times when our endpoint users need to temporarily make use of a thumb drive. Currently our options are:
- Move their computer to a policy that allows USB access (then remember to move them back once they are done)
- Provide our administrative password (which is also used for uninstalling SEP SBE - not a good option) for disabling the USB control - actually not sure this option is even still available

The feature idea is to give administrators the ability to select a computer and, while viewing their current policy and history, click a button that will temporarily enable USB read/write access with the following options:
- Access for a specific amount of time in hours or days (or until next boot)
- Set a temporary password that they must use to make use of the option that is different from the main control password used for uninstalling the application
- Alternatively, or additionally, give me the ability to temporarily move the user to another policy group, and either automatically move them back after the specified amount of time or send the administrators a reminder to move them back after the selected time window.

This feature could also apply to a group of computers or to a particular policy, I suppose. For example, take a particular location or job role policy and give everyone with that policy temporary access to USB control.