Leave a comment

USB security in cloud, on-premise, hybrid and/or air-gapped environments

08/09/2021 – Product overview: secRMM is a Windows security solution that audits and controls access to removable storage devices (i.e. USB drives and mobile devices).  secRMM is very easy to implement in that it can operate on a standalone Windows computer (even XP!) or can be centrally managed for thousands of computers.  It can be configured to have security policies for computers and/or groups of users.

Article details: The ‘secRMM Policy Configurator’ program makes it easy for you to use one ‘User Interface’ (UI) program regardless of the way you want to deploy the ‘USB security policies’ to your endpoint computers.  Even if you have computers that are on an isolated network (the popular computer phrase for this is ‘air-gapped’).  This is common in highly classified environments where the computers may be running in a ‘sensitive compartmented information facility’ (SCIF).  Or even if you have completely standalone computers (i.e no network connection). 

The ‘secRMM Policy Configurator’ supports (today) 4 different modes:

1. Microsoft SCCM (also called: Microsoft Endpoint Configuration Manager (MECM))

Microsoft calls this the on-premise solution.

Please note the secRMM also has a fully integrated ‘SCCM Console Extension’ so that you can deploy, configure, report and view ‘live dashboard charts’ from right within the SCCM console.
Which User Interface you use (or both!) is entirely up to you.

secRMM Policy Configurator in SCCM mode

2. Microsoft Intune (also called: Endpoint Manager)

Microsoft calls this the cloud solution.

secRMM Policy Configurator in Intune mode

3. Microsoft Active Directory Group Policy Objects (AD GPO)

This is another on-premise solution from Microsoft.

secRMM Policy Configurator in Active Directory GPO mode

4. Endpoint

This is the term we chose to call when you are operating in an air-gapped or standalone computer mode.

secRMM Policy Configurator in Endpoint mode

As you can see from the screenshots above, each mode has a slightly different set of properties that are required to utilize the mode.  The ‘secRMM Policy Configurator’ handles the differences between the modes so that when you are creating, editing or deleting a USB security policy, it always looks just the same, regardless of the mode.  You can see the common editor in the screenshot below.

secRMM Policy Configurator editor

If you would like to use the ‘secRMM Policy Configurator’ support, you can download it from the Squadra Technologies web site:
 www.squadratechnologies.com->software->secRMM->Download->Optional Downloads->secRMM Policy Configurator as shown in the screenshot below.

Where to download the secRMM Policy Configurator

Closing: We hope you find this tool useful for your environment(s).  Please let us know what you think or if you have a requirement for a different environment/framework.  You can get more details about secRMM by visiting https://www.squadratechnologies.com.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: