We are excited about secRMM version!
This blog covers the two new features included in the latest secRMM release.

If you don’t yet know much about secRMM, it is Microsoft security software focused on securing and auditing removable “plug-and-play” storage media. This includes mobile devices, USB flash drives (including hardware encrypted devices), external hard drives, SD-Cards, etc. secRMM is different from other DLP solutions because it does not come with a complete security framework. Microsoft already provides the framework and technologies to help secRMM do its job. secRMM is integrated into Microsoft System Center: Configuration Manager (SCCM), Operations Manager (SCOM) and Orchestrator. secRMM supports Microsoft BitLocker and we will soon be releasing integration with Microsoft AD/Azure Rights Management Services (RMS). If you have SCCM in your environment, you know that Microsoft has a category of software called “Endpoint Protection”. Microsoft “Endpoint Protection” includes antimalware and firewall software. When you add endpoint DLP via secRMM, you end up with the equivalent of what you would buy from a security framework vendor.

Microsoft also markets the “Microsoft Enterprise Mobility Suite” (EMS). EMS is the combination of SCCM and Microsoft Intune. EMS falls under a category of software the industry calls Mobile Device Management (MDM). Within the MDM umbrella, there are software solutions called Mobile Content Management (MCM). secRMM is a perfect fit for EMS’s->MDM->MCM! :-)

Given all that, if your environment is only running Microsoft Windows workstations (i.e. no backend Microsoft framework), secRMM can be installed on a Windows computer and be 100% functional. This is because secRMM only requires two base Windows components: the “Computer Management” console (i.e. the MMC) and the Windows event log.

Now, onto the two new secRMM features.

First, secRMM contains a new rule named “BlockProgramsOnDevice”. This rule (as its name implies) prevents programs (exe, com, cmd, bat, ps1, vbs, js, pl) from executing off of a removable plug-and-play storage device (USB drives and mobile devices). This feature is implemented in many antimalware software solutions. secRMM differentiates itself from antimalware by additionally recording the event (what program and who was running it) into the event log.

secRMM Event Id 514


Second, the secRMM mobile app titled “Windows Active Directory Login” is now published in the Microsoft Windows Store. In addition, this app is also available in the Apple iOS App Store, the BlackBerry Mobile App World and the Google Play Store. You can conveniently access all the app stores from the Squadra Technologies web site.

secRMM mobile app

secRMM Active Directory Login mobile app

“Windows Active Directory Login” mobile app explained:

First, this is an optional feature of secRMM. As an IT administrator, you can enable or disable the secRMM rule “RequireSmartPhoneLogin” (yes, it should really be named “RequireMobileDeviceLogin”…we will try to change this in the next release) using a simple checkbox. When “RequireSmartPhoneLogin” is checked and a mobile device is mounted to the Windows Operating System, secRMM will intercept the mobile device mount and verify if the end user has used the “Windows Active Directory Login” app within the last 5 minutes. If this condition is true, it will use the userid and password typed in from the app and perform an Active Directory (or local) login. If the credentials supplied in the app are valid (i.e. the userid and password combination work), secRMM will next check to see that those credentials are the same credentials that are currently active on the Windows computer where the mobile device was mounted. If the above tests all succeed, the mobile device is mounted to the Windows computer as a storage device. If any of the above tests fail, the mobile device is unmounted and a failure event is logged into the secRMM event log.
The “Windows Active Directory Login” mobile app puts your mobile devices on par with the “classic” USB hardware encryption solutions from the perspective that you are forced to authenticate before the device will mount. The nice thing about the app is that it uses the same Windows domain/local user account, whereas hardware encryption devices require their own password. While perhaps trivial, the end-user does not need to remember yet another password and the Active Directory password policies are enforced.

secRMM mobile device online failure event

See the screenshot above of a failed event due to improper credentials using the mobile app.

If you look at the last line of the event log screenshot, you will see that the userid specified in the app was “contoso\angela”. However, at the time of the mobile device mount, users contoso\administrator and local user w82\wdkremoteuser were logged into the Windows workstation (see the second to last line in the event text). Since neither of the user accounts that are currently logged into the Windows workstation matches the credentials specified in the app (i.e. contoso\angela), the mobile device is not allowed to mount. Notice that the last line of the event text tells you that the mobile device had a “forced unmount”.
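The checks described above, modelled as an added PowerShell example (not secRMM code and not part of the original post). The function name, parameter names and timestamps are assumptions made for illustration; the result of the credential check is passed in as a flag and is assumed to be valid in the samples, so that the account mismatch from the event is what fails.

```powershell
# Added illustration of the documented decision order; this is not secRMM code.
function Test-MobileDeviceMount {
    param(
        [Nullable[datetime]] $AppLoginTime,  # last login in the app, $null if none
        [string]   $AppUser,                 # DOMAIN\user typed into the app
        [bool]     $CredentialIsValid,       # outcome of the AD (or local) logon
        [string[]] $LoggedOnUsers,           # accounts active on the workstation
        [datetime] $MountTime = (Get-Date),
        [int]      $WindowMinutes = 5        # "within the last 5 minutes"
    )
    $reason = $null
    if ($null -eq $AppLoginTime -or $AppLoginTime -gt $MountTime -or
        ($MountTime - $AppLoginTime).TotalMinutes -gt $WindowMinutes) {
        $reason = 'no app login inside the time window'
    }
    elseif (-not $CredentialIsValid) {
        $reason = 'credentials rejected'
    }
    elseif ($LoggedOnUsers -notcontains $AppUser) {   # -notcontains ignores case
        $reason = 'app user is not logged on to this computer'
    }
    $decision = if ($reason) { 'ForcedUnmount' } else { 'Mount' }
    [pscustomobject]@{ AppUser = $AppUser; Decision = $decision; Reason = $reason }
}

# Constructed inputs based on the event described above.
$mount    = Get-Date '2014-08-09 10:00:00'
$loggedOn = 'contoso\administrator', 'w82\wdkremoteuser'

# Case 1: valid credentials, but for an account that is not logged on.
Test-MobileDeviceMount -AppLoginTime ($mount.AddMinutes(-2)) -AppUser 'contoso\angela' `
    -CredentialIsValid $true -LoggedOnUsers $loggedOn -MountTime $mount

# Case 2: the app user is one of the logged-on accounts (different letter case).
Test-MobileDeviceMount -AppLoginTime ($mount.AddMinutes(-2)) -AppUser 'CONTOSO\Administrator' `
    -CredentialIsValid $true -LoggedOnUsers $loggedOn -MountTime $mount

# Case 3: the app login is 9 minutes old, outside the 5 minute window.
Test-MobileDeviceMount -AppLoginTime ($mount.AddMinutes(-9)) -AppUser 'contoso\administrator' `
    -CredentialIsValid $true -LoggedOnUsers $loggedOn -MountTime $mount
```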

We hope you find these two features useful in your security toolbox!

SCCM with 100% USB/Mobile Device storage security

SCCM Console

Security Removable Media Manager (secRMM) is Windows security software that audits and authorizes write activity to storage devices that connect using the USB port.  This includes smart phones, tablets, flash drives (including hardware and/or software encryption), external hard drives, SD-Cards, and CD/DVD.  secRMM fits into a category of software commonly referred to as “Data Loss Prevention” (DLP).  secRMM completes Microsoft’s endpoint protection strategy (antimalware, firewall, software updates) by adding DLP.

secRMM Excel AddIn

secRMM version 7.0 provides more integration points with Microsoft System Center  Configuration Manager 2012 (SCCM).  Prior to version 7.0, secRMM offered the SCCM Console Extension that allowed centralized policy management/configuration.  The new secRMM features in version 7.0 tie in with the Console Extension and allow you to work with secRMM without ever having to leave the SCCM console!

The new features are:

1. secRMM SCCM status messages
2. secRMM SCCM reports
3. secRMM Excel AddIn to view the SCCM status messages

The SCCM integration is a big step forward for secRMM but it is not the end of the Microsoft System Center integration story.  secRMM is also integrated into Microsoft System Center Operations Manager (SCOM).  secRMM has a complete SCOM Management Pack that includes: alerts, tasks and reports.  In fact, if you are using the security reporting database within SCOM (called Audit and Collection Services: ACS), secRMM has reports for ACS.  secRMM has reports for the SCOM Data Warehouse as well.

SCCM report for secRMM

A free two week trial of secRMM is available at Squadra Technologies.  For documentation on the secRMM SCCM integration, please read the secRMM SCCM 2012 Administrator Guide.

USB encryption hardware and secRMM

Many organizations either choose or are required to use hardware encryption technology to provide a layer of security for removing sensitive files from their network through removable media.

secRMM works seamlessly with these technologies to generate security events which inform the system administrator:

  • the encrypted device has been mounted,
  • whether authorization was granted,
  • all successful and failed write events,
  • when the device goes offline,
  • all administrative changes to the removable media security policies.

No longer do organizations have to rely on company policies and procedures to limit the use of the USB port.
Instead, they can actively manage, secure, and audit it internally with secRMM.

Squadra Technologies has partnered with the following hardware encryption companies.
These companies see the synergy between their hardware solutions and the secRMM software.
1. Apricorn
2. DataLocker
3. Imation
4. Kanguru

secRMM Benefits…

  • Whitelist specific encrypted devices by the vendor ID (VID) and/or product ID (PID).
  • By whitelisting only the preferred encrypted device (the company device), secRMM prevents the writing of data onto any other type of removable media device.
  • Provides security to prevent the mounting of, and data transfer to, devices beyond the classic USB, including but not limited to BlackBerry, Apple, Windows, and Android.
  • Captures the complete path of the source file being copied onto the encrypted device (i.e. knowledge of the exact file that has been written and where it came from).
  • Logs failed attempts at data transfers through the USB, providing the who, what, where and when of the attempted transfer.
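
Before a VID/PID whitelist is enforced, it helps to know which vendor and product IDs are actually in use. The following is an added example (not part of secRMM or the original post) that extracts the IDs from Windows PnP instance IDs and checks them against a list; the function names, the list entry format and the sample IDs are assumptions made up for illustration.

```powershell
# Added illustration; the list format and sample IDs are constructed, not secRMM's.
function Get-UsbId {
    param([string] $InstanceId)
    # USB instance IDs look like USB\VID_xxxx&PID_yyyy[&MI_zz]\<serial>
    if ($InstanceId -match '^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
        [pscustomobject]@{
            VendorId  = $Matches[1].ToUpper()
            ProductId = $Matches[2].ToUpper()
        }
    }
}

function Test-UsbAllowed {
    param([string] $InstanceId, [string[]] $AllowList)
    $id = Get-UsbId -InstanceId $InstanceId
    if (-not $id) { return $false }   # no VID/PID to match, so not allowed
    $vidOnly   = "VID_$($id.VendorId)"
    $vidAndPid = "$vidOnly&PID_$($id.ProductId)"
    # An entry may name a vendor alone or an exact vendor and product pair.
    return [bool]($AllowList | Where-Object { $_ -eq $vidOnly -or $_ -eq $vidAndPid })
}

# Constructed list: one exact device model, plus every product of a second vendor.
$allowList = 'VID_AAAA&PID_0001', 'VID_BBBB'

# Constructed instance IDs. On a live system they can be read with:
#   (Get-PnpDevice -PresentOnly).InstanceId
$seen = @(
    'USB\VID_AAAA&PID_0001\SER0001'             # exact pair on the list
    'USB\VID_AAAA&PID_0002\SER0002'             # listed vendor, unlisted product
    'USB\vid_bbbb&pid_1234&MI_00\7&1A2B3C&0'    # composite interface, lower case
    'USBSTOR\DISK&VEN_X&PROD_Y\SER0003&0'       # storage child node, no VID/PID
)

$seen | ForEach-Object {
    [pscustomobject]@{
        InstanceId = $_
        Allowed    = (Test-UsbAllowed -InstanceId $_ -AllowList $allowList)
    }
}
```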

A free two week trial of secRMM is available at Squadra Technologies.

BlackBerry OS 10 USB security

 BlackBerry OS 10 support

secRMM now provides USB security for BlackBerry OS 10 devices with the release of secRMM version.  BlackBerry devices are famous for their security coverage.  You can read more about BlackBerry security at http://us.blackberry.com/business/blackberry-advantage.html.  secRMM now extends this security coverage so that all activity pertaining to files copied to the device is recorded into the Windows Security Event log.  In addition to the verbose event logging, secRMM also provides security rules (policies) that you can set for each Windows system or user.  These security rules are simple to configure yet are extremely powerful when it comes to protecting sensitive data files within your domain.  As an example, secRMM lets you define the domain locations where files can be copied from.  Any other locations are blocked.  This feature does not require any modifications to the domain (i.e. Active Directory schema, NTFS, NAP, etc.).


The BlackBerry integration completes the secRMM mobile device coverage.  secRMM now has support for the 4 major mobile device platforms: BlackBerry, Android, Apple and Windows.  secRMM is unique in the fact that it provides the same functions for “classic USB” storage devices (i.e. USB storage devices that get assigned a drive letter by the Windows Operating System) as it does for mobile devices.  This becomes a significant cost savings since competing solutions implement classic USB and mobile security as separate products.

For enterprise customers who want to securely allow BlackBerry device USB connections so workers can effectively copy files to their devices, we highly recommend you consider using secRMM and implementing the following BlackBerry knowledge base article: http://www.blackberry.com/btsc/KB33859.

A free two week trial of secRMM is available at Squadra Technologies.


Securing CD/DVDs with secRMM


secRMM secures end-user file writes to CD/DVDs (we will just call it a disc in this article) in the same way as writes to a flash drive or mobile device. The Windows operating system offers two different ways to write to discs. You can read a Microsoft description at http://windows.microsoft.com/en-us/windows/which-cd-dvd-format#1TC=windows-7. When you insert a blank disc, Windows will display a dialog asking how you want to use the disc (see screen shot). secRMM will apply security rules to either method chosen. It is up to the security or IT administrator how the security will work on disc.

There are two secRMM properties (rules) that apply to discs. The first one is set to on by default and is called “MonitorCDROMAndDVD”. As its name implies, it tells secRMM whether to monitor the disc while it is inserted into the Windows computer (the property is set to on) or not to monitor the disc while it is inserted into the Windows computer (the property is not set). When “MonitorCDROMAndDVD” is on, secRMM records the ONLINE/OFFLINE events, the WRITE events and any AUTHORIZATION failure events that might occur. This is exactly how secRMM handles any removable storage such as flash drives, external hard drives and all mobile devices.

CD/DVD secRMM Property

The second secRMM property related to discs is the “BlockCDROMAndDVDWrites” property. As its name implies, writing to any disc will be blocked (i.e. not allowed). The benefit of using the “BlockCDROMAndDVDWrites” property as opposed to disallowing discs via Active Directory Group Policy is that secRMM will log the write violation, which tells you who the violator was (userid), what file they were trying to copy (the source file), where they were trying to copy it to (the target file which will be somewhere on the disc), what program they were using (explorer in this case), the time they attempted the write, and what computer the user was logged into. All of this information is logged into the security event log and the secRMM event log.

If you are not interested in recording disc write violations but just want to prevent users from mounting writable discs, you can also enable the “Enforce when device is plugged in.” setting. When “Enforce when device is plugged in.” is on, as soon as the end-user inserts the disc into the drive, Windows will eject the disc. secRMM will log an ONLINE error which indicates the disc was forcibly un-mounted (see screen shot).


secRMM is all about enabling productivity by allowing end-users to use removable storage while still protecting and securing the corporation’s data assets. As you can see, this applies to CD/DVDs as well.

You can see a YouTube video on this subject at https://www.youtube.com/watch?v=7Ec3MD47-ws.

A free two week trial of secRMM is available at Squadra Technologies.

Using PowerShell to copy data from your Apple iPad/iPhone

With the recent release of secRMM 5.7, you can use the secRMM SDK/API to copy data to and from mobile devices.  This includes Apple mobile devices.  For an overview of the Apple functionality provided by secRMM, please read this blog.

secRMM provides an out-of-the-box “Windows explorer like GUI” program called SafeCopy which allows you to do file copies interactively.

Today, though, we will show IT admins how to do this programmatically using Microsoft PowerShell.

Here is the code.  Hopefully, to the PowerShell enthusiast, it is self-explanatory.

#To run this script, from a DOS command window, type:
#powershell "& 'C:\BlogPost\CopyFromDevice.ps1'"

#Create the secRMM mobile device object
$l_objSecRMM = New-Object -COM secRMMWPDApiCOM;

#Lets set the device, source file and target file
$l_strMobileDevice = "My iPad";
$l_strAppleSource = "com.myCompany.mobileApp1/Documents/TodaysSales.docx";
$l_strWindowsTarget = "C:\Users\Angela\SalesFor08092014.docx";

#Lets execute the file copy operation
#(the call on $l_objSecRMM that performs the copy is missing from this listing;
# take it from the secRMM SDK documentation and assign its result here)
$l_strReturnCode = $null;

#A return code of "1" is treated as success; anything else is reported as a failure
if ($l_strReturnCode -eq "1")
{
    Write-Host $l_strAppleSource "copied to" $l_strWindowsTarget;
}
else
{
    Write-Host $l_strAppleSource "NOT copied to" $l_strWindowsTarget ":" $l_strReturnCode;
}

For more details, please see https://www.youtube.com/watch?v=EYVn6pfk6lw

Happy scripting!

P.S. Yes, you can do the exact same in VBScript and JScript or in your favorite .Net language.  Native C++ coders, there is a tlb for you to #import as well!

A free two week trial of secRMM is available at Squadra Technologies.

Apple mobile devices in the enterprise

Apple is moving towards better integrating their mobile solutions into the enterprise environment (see https://www.apple.com/ios/ios8/enterprise/). Many businesses use Windows workstations as the primary endpoint computer; meaning, the computer used by the worker.

Squadra Technologies’ new release, version 5.7 of “Security Removable Media Manager” (secRMM), supports Apple’s direction of moving into the enterprise (see https://www.youtube.com/watch?v=EYVn6pfk6lw).  secRMM provides a security layer for Apple mobile devices attached to a Windows computer using a USB cable.

secRMM is a security product that records all files written to any storage device attached to a Windows computer by a USB connection.  It also allows you to specify simple rules to prevent using removable media.  In addition to Android, BlackBerry and Windows mobile devices, secRMM 5.7 includes Apple mobile devices.  In general, any device that Windows identifies as a storage object will be protected by secRMM.

Additionally, secRMM provides a mobile device app for Android, Apple, BlackBerry and Windows phone that adds an extra layer of security.  The user must log in with the secRMM mobile device app, using their Windows credentials, before the device is allowed to mount on the Windows computer.  A YouTube video about the secRMM mobile device app is at http://www.youtube.com/watch?v=F9tO428gTV4.

For enterprises that prefer not to give their end-users iTunes, secRMM has an end-user tool called SafeCopy.  SafeCopy is a “Windows explorer” like tool that allows copying files between the Apple mobile device and the Windows computer.  You only need to install the Apple device drivers (rather than the whole iTunes stack) so secRMM can interact with the mobile device via the “Apple Mobile Device Service”.

secRMM 5.7 also ships a collection of Apple command-line utilities that perform many tasks necessary to use the mobile device as a tool within the enterprise.  This includes such tasks as:
1. Listing which apps, and which versions, are installed on the device
2. Installing and uninstalling apps
3. Listing, installing and backing up provisioning profiles
4. Backing up the device
5. Copying data to and from the device

While secRMM provides SafeCopy so you can move files to and from the mobile devices, it also ships with a Software Development Kit (SDK) to allow businesses to build their own solutions to integrate the Apple device, or any other mobile device, into their environment.  The SDK consists of a COM type library (tlb) and .Net COM-Interop dlls for:
1. 32 bit and 64 bit systems
2. .Net pre-4.0 and .Net 4.0 and greater

The release of secRMM 5.7 is timed perfectly with Apple’s new enterprise direction.

We hope you consider secRMM 5.7 as a necessary tool to keep your sensitive data safe.


For more information, please visit the Squadra Technologies web site.

To see how to copy a file from an Apple device using PowerShell, please read this blog.

