SmartLine's DeviceLock lets you manage device security for portable devices by assigning users access levels to network devices and interfaces, such as USB and infrared ports, wireless network adapters, and removable storage devices. DeviceLock integrates with Active Directory (AD), making permissions management and deployment easy for large networks. DeviceLock runs under Windows Server 2003, Windows XP, Windows 2000 Server, and Windows NT Server.
You can deploy DeviceLock Service locally or remotely by using the supplied installation service, or—on networks that use AD—you can use Microsoft Systems Management Server (SMS) and Microsoft Windows Installer. DeviceLock Manager, the management-console component, offers the use of a Group Policy interface and Microsoft Management Console (MMC) snap-in.
DeviceLock starts by scanning and discovers the computers on your network. Then, you can use the device-access management functions to scan local or remote systems according to selected options. DeviceLock lets you configure user-access and device-access permissions by device type, device type group, user, and time of day. In my tests, I was able to configure permissions on a USB port to deny users the ability to write to the USB key device and create a customized message that was triggered when I plugged a USB device into a locked-down port. DeviceLock is a reasonably priced product that was easy to install and configure, provided robust auditing and reporting features, and let me customize permissions, audits, and reports to suit my needs.
PROS: Easy to use; can be deployed by using SMS or Windows Installer; provides optional MMC snap-in; can be managed with Group Policy; highly configurable