HP ProtectTools User Guide - Windows XP, Windows Vista, Windows 7
Stopping the Device Locking/Auditing service does not stop the device locking. Two components
enforce device locking:
●
Device Locking/Auditing service
●
DAMDrv.sys driver
Starting the service starts the device driver, but stopping the service does not stop the driver.
To determine whether the background service is running, open a command prompt window, and then
type sc query flcdlock.
To determine whether the device driver is running, open a command prompt window, and then type sc
query damdrv.
Device Class Configuration
Administrators and authorized users can view and modify lists of users and groups that are allowed or
denied permission to access classes of devices or specific devices.
NOTE: In order to use this view to read device access information, the user or group must be granted
"read" access in the User Access Settings view. In order to use this view to modify device access
information, the user or group must be granted "change" access in the User Access Settings view.
The Device Class Configuration view has the following sections:
●
Device List—Shows all the device classes and devices that are installed on the system or that
may have been installed on the system previously.
◦
Protection is usually applied for a device class. A user or group selected will be able to access
any device in the device class.
◦
Protection may also be applied to specific devices.
●
User List—shows all users and groups that are allowed or denied access to the selected device
class or specific device.
◦
The User List entry may be made for a specific user, or for a group of which the user is a
member.
◦
If a user or group entry in the User List is unavailable, the setting has been inherited from the
device class in the Device List or from the Class folder.
◦
Some device classes, such as DVD and CD-ROM, may be further controlled by allowing or
denying access separately for read and write operations.
As for other devices and classes, read and write access rights can be inherited. For instance,
Read access may be inherited from a higher class, but Write access may be specifically
denied for a user or group.
NOTE: If the Read check box is blank, then the access control entry has no effect on read
access to the device. It neither grants nor denies read access to the device.
Example 1—If a user or group is denied write access for a device or class of devices:
The same user, the same group, or a member of the same group can be granted write access
or read+write access only for a device below this device in the device hierarchy.
Example 2—If a user or group is allowed write access for a device or class of devices:
Setup Procedures 73










