CN111506893A - External equipment management method and device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN111506893A
Authority: CN (China)
Prior art keywords: external device, external equipment, identity information, external, group policy
Legal status: Pending
Application number: CN202010268691.9A
Other languages: Chinese (zh)
Inventors: 文誉, 袁义金
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an external device management method and apparatus, an electronic device, and a storage medium. The method comprises: when an external device is detected, acquiring the identity information of the external device; verifying the identity information by using an external device management list in the group policy; if the verification passes, allowing the external device to be used; and if the verification fails, prohibiting the use of the external device. When an external device is detected, the method verifies its identity information by using a group policy that carries an external device management list, and the external device is allowed to run, and thus to be used, only if its identity information passes verification. The group policy is thereby used to manage a single external device precisely, that is, external devices are managed at the level of the minimum unit, which can meet various personalized requirements of users and improves the convenience, reliability and adaptability of external device management.

Description

External equipment management method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for managing an external device, an electronic device, and a storage medium.
Background
With the wide application of internet technology, industries of all kinds are becoming increasingly digitized, and data security is becoming correspondingly more important. At present, many enterprises have isolated their intranets so that users cannot send confidential data directly to an external network, which guarantees data security to a certain extent. However, intranet isolation cannot completely prevent leakage of confidential data, because a user can still transfer confidential data through external devices, for example by copying it to a USB flash drive or by using an external mobile network card or a printer. Confidential data can leak this way, which poses a serious hidden danger to the data security of an enterprise.
Disclosure of Invention
The invention aims to provide an external device management method, an external device management device, an electronic device and a storage medium, wherein a group policy is set with an external device management list, so that accurate management of a single external device can be realized, various personalized requirements of a user are met, and convenience, reliability and adaptability of external device management are improved.
To solve the above technical problem, the present invention provides an external device management method, including:
when an external device is detected, acquiring the identity information of the external device;
verifying the identity information by using an external device management list in the group policy;
if the verification passes, allowing the external device to be used;
and if the verification fails, prohibiting the use of the external device.
In one possible implementation manner, the external device management method further includes:
when a modification of the group policy is detected, re-issuing the unmodified group policy.
In another possible implementation manner, before the acquiring of the identity information of the external device when the external device is detected, the method further includes:
creating the external device management list;
and setting the external device management list into the group policy, and issuing the group policy.
In another possible implementation manner, the creating of the external device management list includes:
acquiring identity information of a target external device;
and forming the external device management list according to the identity information of the target external device.
In another possible implementation manner, the acquiring of the identity information of the target external device includes:
acquiring the identity information of the target external device by using a device information enumeration technology.
In another possible implementation manner, the acquiring of the identity information of the target external device includes:
acquiring the identity information of the target external device by using a device manager.
In another possible implementation manner, before issuing the group policy, the method further includes:
setting the selected prohibited-use external device type into the group policy; wherein the external device type includes at least one of a storage device, a network device, a Bluetooth device, a camera, and a printer.
In another aspect, the present invention provides an external device management apparatus, including:
a peripheral identity information acquisition module, used for acquiring the identity information of an external device when the external device is detected;
a peripheral management module, used for verifying the identity information by using an external device management list in the group policy; if the verification passes, allowing the external device to be used; and if the verification fails, prohibiting the use of the external device.
In yet another aspect, the present invention also provides an electronic device, including:
a memory for storing a computer program;
a processor for implementing the external device management method as described above when executing the computer program.
In still another aspect, the present invention further provides a storage medium, where computer-executable instructions are stored, and when the computer-executable instructions are loaded and executed by a processor, the external device management method as described above is implemented.
Therefore, when an external device is detected, the method acquires the identity information of the external device and verifies it by using a group policy that carries an external device management list. The external device is allowed to run, and thus to be used, only when its identity information passes verification, which is how the external device is managed. In other words, each external device can be managed by setting the external device management list in the group policy, so that precise management of a single external device is accomplished through the group policy. External devices are thus managed at the level of the minimum unit, which can meet various personalized requirements of users and improves the convenience, reliability and adaptability of external device management.
Accordingly, the present invention further provides an external device management apparatus, an electronic device, and a storage medium, which have the above beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic diagram of a hardware composition framework to which an external device management method according to an embodiment of the present invention is applied;
Fig. 2 is a flowchart of an external device management method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a group policy setting method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a detailed information interface according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a peripheral management and control rule interface according to an embodiment of the present invention;
Fig. 6 is a block diagram of an external device management apparatus according to an embodiment of the present invention;
Fig. 7 is a block diagram of an electronic device according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Data security is very important for users, especially enterprise users, and once confidential data is leaked the user suffers serious loss. In the related art, leakage of confidential data is generally prevented by intranet isolation. However, intranet isolation cannot completely prevent leakage of confidential data, because a user can still transfer confidential data through external devices, for example by copying it to a USB flash drive or by using an external mobile network card or a printer. Confidential data can leak this way, which poses a serious hidden danger to the data security of an enterprise. Therefore, in order to secure data, it is necessary to manage the external devices used by the user. The embodiment of the invention manages external devices precisely through a group policy that carries an external device management list, thereby solving the above problems.
For ease of understanding, the hardware framework to which the external device management method of the present invention applies is described first. The embodiment of the invention can be applied to a single electronic device, to all electronic devices in a local area network, or to all electronic devices specified by a user, such as all electronic devices in the local area network. It should be noted that the embodiment of the present invention does not limit the specific structure of the electronic device, as long as the electronic device can execute the external device management method provided in the embodiment of the present invention. For example, the electronic device may be a PC (e.g., a desktop computer, a notebook computer, a tablet computer, an ultrabook, etc.) or a server. Referring to Fig. 1, an application scenario composed of n user computers, an AC control center, and a network is described as an example. As can be seen from Fig. 1, the hardware framework may include an AC control center 10 and n user computers 20. The AC control center 10 may be a client-side device having administrator authority, or may directly be an administrator-side device, which is not limited here. The AC control center 10 creates an external device management list according to information input by the administrator, sets the external device management list into the group policy, and, after the group policy has been configured, issues the group policy to each specified user computer 20.
Each user computer 20 executes the group policy after receiving it. While executing the group policy, once a user computer 20 detects an external device, it acquires the identity information of the external device and verifies the identity information by using the external device management list in the group policy. If the verification passes, the user computer 20 permits the use of the external device; if the verification fails, the user computer 20 prohibits the use of the external device. Precise management of external devices is thereby achieved. It should be noted that, when data is exchanged among the devices in the embodiment of the present invention, the network 30 used may be chosen according to actual requirements. It may be a wireless communication network, such as a mobile communication network or a WIFI network, or a wired communication network, and either a wide area network or a local area network may be used as circumstances warrant.
With reference to fig. 2, fig. 2 is a flowchart of an external device management method according to an embodiment of the present invention; the method can comprise the following steps:
S101, when an external device is detected, the identity information of the external device is acquired.
It should be noted that the embodiment of the present invention does not limit the type of the external device. External devices are defined relative to internal devices (generally, common devices that users are allowed to use, such as an input device, a keyboard, and a mouse). For example, the external device may be a portable storage device (such as a USB flash drive), an external network device (such as a mobile data network card), a camera, a printer, a scanner, a Bluetooth device, and the like.
It can be understood that the embodiment of the invention aims to prevent a user from transferring confidential data through an external device, which would leak the data and pose a serious hidden danger to the user's data security. Therefore, when the electronic device detects that an external device has been connected to it, the external device needs to be verified. Only a verified external device is allowed to run, which avoids confidential data being leaked because an unverified external device was run. That is, when the electronic device detects that it is connected to an external device, it needs to determine whether the external device is one that is permitted to run, and until the external device has been determined to be one whose use is allowed, the electronic device does not allow it to run. This avoids confidential data being leaked through transfer by an unauthorized external device.
The embodiment of the present invention does not limit the method for detecting the external device. The method depends on the type of the external device, and any method that can determine whether the current electronic device is connected to an external device may be used. For example, when the external device is a USB flash drive, the drive is powered on when it is inserted into the electronic device, and the controller in the drive automatically sends identification information to the electronic device.
It should be noted that, in the embodiment of the present invention, as soon as the electronic device detects that an external device has been connected, it acquires the identity information of the external device, so that the identity information can be verified by using the external device management list in the group policy to determine whether the external device is allowed to be used. The embodiment of the invention does not limit the content of the identity information, as long as it uniquely identifies the external device. For example, the identity information may be a hardware ID (identification) of the external device. Because the embodiment does not limit the content of the identity information, it also does not limit the process of acquiring the identity information of the external device. For example, when the identity information is the hardware ID of the external device, the hardware ID may be acquired by using a device information enumeration technology, or the device manager may be used to obtain the identity information (e.g., hardware ID) of the external device. Of course, the device information enumeration technology and the device manager may both be available, in which case the identity information of the external device may be obtained in either of these two ways. The device information enumeration technology may be HardwareID software, that is, a HardwareID tool, which can display the identification information of the relevant hardware. The embodiment of the present invention does not limit how the HardwareID software is implemented; the device information present on the current electronic device may be looked up by using a device information enumeration function (e.g., the SetupDiGetClassDevsA function).
A device manager is a management tool that may be used to manage devices on a computer. For example, a device manager may be used to view device properties, update device drivers, configure device settings, and uninstall devices.
S102, the identity information is verified by using an external equipment management list in the group policy.
Group Policy is a feature of the Windows operating system that controls the working environment of user accounts and computer accounts. It mainly provides centralized management and configuration of user settings in operating systems, applications, and Active Directory.
It should be understood that the embodiment of the present invention does not limit the content of the external device management list, as long as the identity information of the external device can be verified against it to determine whether the external device is allowed to be used. For example, the external device management list may be a whitelist that records the identity information of the external devices permitted to be used, or a blacklist that records the identity information of the external devices not allowed to be used. It is also possible to have both a whitelist of the identity information of the external devices allowed to be used and a blacklist of the identity information of the external devices not allowed to be used. The embodiment of the present invention does not limit the number of entries in the external device management list, that is, the number of pieces of external device identity information it contains. The user (when the group policy applies to a plurality of electronic devices, the user generally refers to the user with management authority) can set and modify the external device management list according to the actual situation, which improves the flexibility and convenience of external device management and meets the personalized requirements of the user. For example, the user may add or delete identity information in the external device management list according to the actual situation.
Correspondingly, the embodiment of the invention does not limit the process of verifying the identity information by using the external device management list in the group policy. The process depends on the specific form of the external device management list. For example, if the external device management list is a whitelist that records the identity information of the external devices allowed to be used, the verification may proceed as follows: determine whether the identity information of the external device is in the external device management list in the group policy. If so, the verification passes and the external device is allowed to be used. If not, the verification fails and the external device is prohibited from being used. As another example, if the external device management list is a blacklist that records the identity information of the external devices prohibited from being used, the verification may proceed as follows: determine whether the identity information of the external device is in the external device management list in the group policy. If so, the verification fails and the external device is prohibited from being used. If not, the verification passes and the external device is allowed to be used.
Further, the identity information of each external device is different, and even external devices of the same type have different identity information, so that identity information and individual external devices are in one-to-one correspondence. For example, each USB flash drive has different identity information. Therefore, in the embodiment of the present invention, the identity information of a single external device can be verified by using the external device management list in the group policy, and precise management of a single external device is accomplished through the group policy. That is, the embodiment of the present invention manages external devices at the level of the minimum unit, so that various requirements of a user can be met and the convenience, reliability and adaptability of external device management are improved.
It should be noted that, in order to implement management on an external device through identity information of the external device in the embodiment of the present invention, an external device management list for verifying the identity information of the external device needs to be created, and the external device management list is set in a group policy, so that an issued group policy can implement management on a single external device according to the external device management list. That is, before executing the external device management method in the embodiment of the present invention, the electronic device may further create an external device management list, set the external device management list into a group policy, and issue the group policy, so that the electronic device executes an external device management process according to the group policy. Of course, the embodiment of the present invention does not limit the execution subject of the process of creating the external device management list, setting the external device management list into the group policy, and issuing the group policy. It may also be that an external device management list is created by other electronic devices (e.g., electronic devices implementing management functions for all electronic devices specified by the intranet), and the external device management list is set into a group policy, and the group policy is issued to all specified electronic devices, so that all specified electronic devices execute an external device management process according to the group policy. That is, at this time, all the designated electronic devices only need to execute the external device management process according to the issued group policy.
It should be understood that the embodiment of the present invention does not limit the process of creating the external device management list. For example, a corresponding external device management list may be formed according to the acquired identity information of the target external device and the list attribute. When the list attribute of the acquired identity information of the target external device indicates external devices allowed to be used, the resulting external device management list is a whitelist that records the identity information of the external devices allowed to be used. When the list attribute indicates external devices prohibited from being used, the resulting external device management list is a blacklist that records the identity information of the external devices prohibited from being used. The embodiment of the present invention also does not limit the process of setting the external device management list into the group policy and issuing the group policy, as long as the electronic device that receives the issued group policy can apply the external device management list through the group policy and so manage external devices. For example, the external device management list is formed into a peripheral management and control rule, and the peripheral management and control rule is configured in a group policy. When the peripheral management and control rule is referenced, the group policy is reliably set on the electronic device that receives the issued group policy, so that external devices are managed according to the group policy.
S103, if the verification is passed, the external equipment is allowed to be used.
S104, if the verification fails, the use of the external device is prohibited.
It should be noted that the embodiment of the present invention does not limit the manner of allowing or prohibiting the use of the external device, as long as the use of the external device can be controlled. For example, an external device that is allowed to be used can run normally on the electronic device and enter a normal operating state, while an external device that is prohibited from being used cannot run on the electronic device and cannot enter a normal operating state.
In the embodiment of the invention, when an external device is detected, its identity information is acquired and verified by using the group policy that carries the external device management list, and the external device is allowed to run, and thus to be used, only when its identity information passes verification. This is how the external device is managed. Furthermore, in the embodiment of the present invention, the identity information of an external device can be used to determine whether an external network device is a mobile network card, so that a single network card peripheral can be disabled. In the related art, when a mobile network card is to be disabled while the network card of the electronic device itself must remain enabled, the network cards cannot be distinguished as local or mobile, so the network card cannot be managed, which can create data security holes. The embodiment of the invention controls a single network card through the identity information of that network card, thereby solving this problem. That is, the embodiment of the present invention can prohibit only the mobile network card through the identity information of the external device, without affecting the use of the local network card. More generally, it can prohibit only specific external devices through their identity information, without affecting the use of other external devices.
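The verification step S102 to S104 and the network card case above, as an added Python example that is not part of the patent text. The identity strings are constructed samples, and three behaviours are assumptions the description leaves open: identities are compared case-insensitively, a blacklist hit takes precedence when both lists are configured, and a device whose identity cannot be read stays blocked.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple


def normalize(identity: Optional[str]) -> str:
    """Canonical form used for comparison (assumption: case-insensitive)."""
    return (identity or "").strip().upper()


def make_list(entries: Iterable[str]) -> FrozenSet[str]:
    """Build a list of normalized identities, dropping empty entries."""
    return frozenset(normalize(e) for e in entries if normalize(e))


@dataclass(frozen=True)
class ManagementList:
    """External device management list as carried in the policy.

    whitelist=None means "no whitelist configured"; an empty whitelist
    means "nothing is allowed", which is a different policy.
    """
    whitelist: Optional[FrozenSet[str]] = None
    blacklist: FrozenSet[str] = frozenset()


def verify(mlist: ManagementList, identity: Optional[str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for one detected external device."""
    ident = normalize(identity)
    if not ident:
        # The device is not allowed to run before it has been verified,
        # so an unreadable identity fails closed (assumption).
        return False, "no identity information"
    if ident in mlist.blacklist:
        # Assumption: with both lists present, the blacklist wins.
        return False, "identity is blacklisted"
    if mlist.whitelist is not None:
        if ident in mlist.whitelist:
            return True, "identity is whitelisted"
        return False, "identity not in whitelist"
    return True, "identity not in blacklist"


def on_devices_detected(mlist, detected):
    """Run S101-S104 over (name, identity) detection events."""
    results = {}
    for name, identity in detected:
        allowed, reason = verify(mlist, identity)
        results[name] = ("allow" if allowed else "deny", reason)
    return results


# Constructed sample identities; the format is illustrative only.
LOCAL_NIC = r"PCI\VEN_AAAA&DEV_0001\ONBOARD-0001"
MOBILE_NIC = r"USB\VID_BBBB&PID_0002\MODEM-7788"
USB_DISK_A = r"USB\VID_CCCC&PID_0003\SN-A1"
USB_DISK_B = r"usb\vid_cccc&pid_0003\sn-b2"  # same model, different unit

# Blacklist form: only the mobile network card is prohibited.
BLACKLIST_POLICY = ManagementList(blacklist=make_list([MOBILE_NIC]))
# Whitelist form: only one specific USB flash drive is permitted.
WHITELIST_POLICY = ManagementList(whitelist=make_list([USB_DISK_A]))

if __name__ == "__main__":
    nic_events = [("local NIC", LOCAL_NIC), ("mobile NIC", MOBILE_NIC)]
    disk_events = [("disk A", USB_DISK_A), ("disk B", USB_DISK_B),
                   ("unreadable device", None)]
    for policy, events in ((BLACKLIST_POLICY, nic_events),
                           (WHITELIST_POLICY, disk_events)):
        for name, (decision, reason) in on_devices_detected(policy, events).items():
            print(f"{name:18} {decision:5} ({reason})")
```

Returning a reason with every decision gives the endpoint something to log, so an administrator reviewing blocked devices can tell a blacklisted identity from one that was simply never enrolled.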
Based on the above technical solutions, embodiments of the present invention provide an external device management method, which can implement management of each external device by setting an external device management list in a group policy, thereby implementing accurate management of a single external device through the group policy, implementing an external device management process for a minimum unit, meeting various personalized requirements of a user, and improving convenience, reliability, and adaptability of external device management.
Based on the above embodiments, please refer to fig. 3, fig. 3 is a flowchart of a group policy setting method according to an embodiment of the present invention; the process may include:
s201, creating an external device management list.
In the embodiment of the present invention, the number of the lists in the external device management list is not limited, that is, the number of the identity information of the target external device in the external device management list is not limited. In the embodiment of the present invention, the external device corresponding to the external device management list is referred to as a target external device. The user (when the group policy is for a plurality of electronic devices (such as in an intranet scenario), the user generally refers to a user with management authority) can set and modify the external device management list according to actual conditions, so that flexibility and convenience of external device management are improved, and personalized requirements of the user are met. For example, the user may add or delete the identity information in the external device management list according to the actual situation.
It should be noted that, in the embodiment of the present invention, a process of creating an external device management list is not limited, as long as the external device management list can be formed according to the obtained identity information of the target external device. For example, the corresponding external device management list may be formed according to the acquired identity information of the target external device and the list attribute of the external device management list required by the user. For example, when the list attribute of the acquired identity information of the target external device is the identity information of the external device allowed to be used, the formed external device management list is a white list in which the identity information of the external device allowed to be used is recorded. And when the list attribute of the acquired identity information of the target external equipment is the identity information of the external equipment prohibited from being used, the formed external equipment management list is a blacklist recording the identity information of the external equipment prohibited from being used.
It can be understood that, because the embodiment of the present invention does not limit the content of the identity information, it also does not limit the process of acquiring the identity information of the target external device. For example, the hardware ID of the target external device (the hardware ID serving as the identity information) may be acquired by using hardware ID software (such as the HardwareID tool), or the identity information (e.g., the hardware ID) may be obtained by using the device manager. Of course, the hardware ID software and the device manager may both be available at the same time, and both ways may be used to obtain the identity information of the target external device. The HardwareID software displays the identification information of the relevant hardware; the embodiment does not limit how the HardwareID software is implemented, and it may, for example, search for the devices present in the current electronic device by using a device information enumeration function (e.g., the SetupDiGetClassDevsA function). The device manager is a management tool for managing devices on a computer. For example, it can be used to view device properties, update device drivers, configure device settings, and uninstall devices.
Further, the embodiment of the present invention does not limit the process of acquiring the hardware ID of the target external device by using the hardware ID software. For example, the user opens the HardwareID tool, inserts or connects the target external device whose hardware ID is required, and enters an acquisition instruction in the tool (for example, by clicking the acquisition button in the tool); the tool then displays the hardware ID information, which the user can select with the mouse or another tool, thereby obtaining the identity information of the target external device. The embodiment of the invention likewise does not limit the process of acquiring the identity information of the target external device by using the device manager. For example, the user opens the device manager (for example, after the electronic device enters the Windows operating system interface, by pressing the Windows key + R, entering the command "devmgmt.msc", and pressing Enter), finds the corresponding external device in the device type list of the device manager, and views its properties; in the details list of the properties, the user selects the hardware ID from the property options, and the value shown under value (V) is the hardware ID information of the external device.
The following description takes a magnetic disk device as the external device. First, the device manager of the electronic device is opened. After the target disk device is selected under disk drives, the properties button in the pop-up box is clicked, and then the details button in the pop-up interface; in the details interface, the hardware ID option is selected from the items under property (P), and the hardware ID information of the target disk device is displayed in the first row of the list under value (V). Fig. 4 shows the resulting details interface, in which the hardware ID information of the target disk device is SCSI \ Disk _ WD _____ WD3200BPVT-11 hxhz 01.0. When the target external device is a USB disk, the hardware ID value is first obtained as above; then the parent option is selected from the items under property (P) in the details interface, and the parent ID of the USB disk is displayed in the first row of the list under value (V); finally, the hardware ID value and the parent ID are joined by a comma to form the identity information of the USB disk.
S202, setting the external device management list into a group policy, and issuing the group policy.
It should be noted that the embodiment of the present invention does not limit the process of setting the external device management list into the group policy and issuing the group policy, as long as the electronic device to which the group policy is issued can enforce the external device management list through the group policy and thereby manage external devices. For example, the external device management list is formed into a peripheral management and control rule, which is then configured into a group policy; when the rule is referenced, the group policy is reliably applied on the electronic device that receives the issued group policy, so that external devices are managed according to the group policy.
It can be understood that, to make the group policy more convenient and flexible for managing external devices, an option for prohibiting a type of external device may also be added to the group policy, so that a user can more conveniently prohibit the use of a whole type of external device. For example, when the user chooses to disable external devices of the storage device type, no external device with a storage function, such as a USB disk, can be used in the electronic device. That is, when forming the group policy, the embodiment of the present invention may set the selected prohibited external device types into the group policy in addition to the external device management list, wherein the external device type includes at least one of a storage device, a network device, a Bluetooth device, a camera, and a printer. Of course, the external device types are not limited to these and may include others, such as a scanner. That is, the embodiment of the present invention does not limit the type of the external device.
The embodiment of the present invention does not limit how the selected prohibited external device types are set in the group policy, as long as prohibited external device types can be added to the group policy. For example, an option for prohibited peripheral types may be provided in the peripheral management and control rule; the user selects the types to prohibit according to actual requirements, and the rule is then configured into a group policy. When the rule is referenced, the group policy is reliably applied on the electronic device that receives the issued group policy, so that external devices are managed according to the group policy. The specific content of the peripheral management and control rule is likewise not limited: the user may set the peripheral management list and the prohibited peripheral types according to actual needs. Descriptive fields such as a rule name, a rule type, and a rule description may also be added so that users can understand the rule more clearly. Fig. 5 shows a schematic diagram of a peripheral management and control rule interface in which the external device management list is a white list. The user enters the IDs of the target external devices in the white list field, and the number of IDs may or may not be limited.
The device hardware ID (i.e., external device hardware ID) acquisition guide may be a tutorial showing how to obtain a target external device ID using hardware ID software or the device manager, so that the user can conveniently obtain the hardware ID of the external device. The form of this guide is not limited; it may be a video tutorial, a voice tutorial, a picture tutorial, or a text tutorial. For the prohibited peripheral types, the user may select only one item, several items at the same time, or no item at all.
Based on the above technical solution, embodiments of the present invention provide a method for managing an external device, which can effectively and reliably prohibit the use of a certain external device or the use of a certain type of external device, and can more flexibly implement the management and control of the external device.
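The verification described above (a management list acting as a white list or a blacklist, a USB disk identity formed from hardware ID and parent ID joined by a comma, and prohibited device types) can be sketched as follows. This is an added example, not code from the patent; the class and function names and the sample IDs are constructed, and the order in which the checks are applied is an assumption, since the text does not state it.

```python
"""Added illustration (not code from the patent): verify a detected external
device against a peripheral control rule. Names and sample IDs are constructed."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Set, Tuple


class ListKind(Enum):
    WHITELIST = "whitelist"  # list holds identities that are allowed
    BLACKLIST = "blacklist"  # list holds identities that are prohibited


def normalize(identity: str) -> str:
    """Upper-case and trim each comma-separated part so the same device
    matches regardless of case or stray spaces in the configured entry."""
    parts = (p.strip().upper() for p in (identity or "").split(","))
    return ",".join(p for p in parts if p)


def usb_identity(hardware_id: str, parent_id: str) -> str:
    """Identity of a USB disk as the text describes it: hardware ID and
    parent ID joined by a comma."""
    return normalize(f"{hardware_id},{parent_id}")


@dataclass
class PeripheralRule:
    kind: ListKind
    identities: Set[str] = field(default_factory=set)
    prohibited_types: Set[str] = field(default_factory=set)

    def __post_init__(self) -> None:
        self.identities = {normalize(i) for i in self.identities}
        self.prohibited_types = {t.strip().lower() for t in self.prohibited_types}

    def verify(self, identity: str, device_type: str) -> Tuple[bool, str]:
        """Return (allowed, reason). Assumed precedence: fail closed on a
        missing identity, then the type prohibition, then the list."""
        ident = normalize(identity)
        if not ident:
            return False, "no identity reported"
        if device_type.strip().lower() in self.prohibited_types:
            return False, "device type prohibited"
        listed = ident in self.identities
        if self.kind is ListKind.WHITELIST:
            return (True, "on white list") if listed else (False, "not on white list")
        return (False, "on blacklist") if listed else (True, "not on blacklist")


# Constructed sample identities (not real devices).
LOCAL_NIC = r"PCI\VEN_0000&DEV_0001"
MOBILE_NIC = r"USB\VID_0000&PID_0002"
DISK_HW = r"USBSTOR\DiskExample_Flash_1.00"
DISK_PARENT = r"USB\VID_0000&PID_0003\SERIAL0001"


def demo():
    # Blacklist only the mobile network card; the local card stays usable.
    nic_rule = PeripheralRule(ListKind.BLACKLIST, {MOBILE_NIC})
    # White-list one specific USB disk by hardware ID plus parent ID.
    disk_rule = PeripheralRule(ListKind.WHITELIST, {usb_identity(DISK_HW, DISK_PARENT)})
    return [
        nic_rule.verify(MOBILE_NIC.lower(), "network"),
        nic_rule.verify(LOCAL_NIC, "network"),
        disk_rule.verify(f"{DISK_HW} , {DISK_PARENT}", "storage"),
        disk_rule.verify(DISK_HW, "storage"),  # same model, parent ID missing
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

The last case shows why the parent ID matters for USB disks: a hardware ID alone identifies the model, so it does not match a white list entry that was recorded for one specific device.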
Based on any of the above embodiments, because group policy is a function of the Windows operating system, the user of an electronic device can modify the group policy himself. Where the validity of the group policy must be ensured, it is necessary to avoid the situation in which a group policy issued by the electronic device with the management function is modified by the user of a receiving electronic device and therefore cannot be reliably executed; for example, in an intranet scenario, the group policy may be modified by users of electronic devices other than the managing electronic device. The embodiment of the invention can therefore also monitor the group policy to prevent malicious modification. That is, when it is detected that the group policy has been modified, the unmodified group policy is reissued.
It should be noted that once the electronic device detects that the group policy has been modified, the unmodified group policy must be reissued promptly, which prevents the group policy from being modified. The embodiment of the present invention does not limit the method for monitoring whether the group policy is modified, as long as the group policy can be monitored. For example, a daemon process may monitor whether the group policy is modified. To ensure reliable monitoring, the daemon process cannot be killed by the system, which effectively guarantees normal use of the peripheral management and control function.
It can be understood that the process of monitoring the group policy provided by the embodiment of the present invention may be real-time monitoring, or monitoring according to a preset period. Of course, the embodiment of the present invention does not limit the value of the preset period, for example, the preset period may be a period smaller than a period for issuing the group policy by the system.
Based on the above technical solution, the embodiment of the invention provides an external device management method in which a daemon process monitors whether the group policy is modified. This ensures that the configured group policy remains effective, prevents users from modifying the group policy themselves, and effectively guarantees normal use of the peripheral management and control function.
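One way to implement the monitor-and-reissue behaviour described above, as an added example that is not code from the patent. The text leaves the detection method open; this sketch assumes a SHA-256 digest comparison, and it uses a JSON file as a stand-in for the local copy of the policy (the class name, file layout, and policy fields are constructed).

```python
"""Added illustration (not code from the patent): detect modification of an
issued policy and reissue the unmodified copy."""
import hashlib
import json
import os
import tempfile
import time


def canonical(policy: dict) -> bytes:
    """Stable byte encoding so the same policy always has the same digest."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode("utf-8")


class PolicyGuard:
    def __init__(self, path: str, issued_policy: dict) -> None:
        self.path = path
        # The trusted copy lives inside the monitoring process; in a real
        # deployment it must be out of reach of the user being restricted.
        self.trusted = canonical(issued_policy)
        self.digest = hashlib.sha256(self.trusted).hexdigest()
        self.reissue_count = 0

    def issue(self) -> None:
        """Write the trusted policy atomically (temp file, then rename), so a
        reader never sees a half-written policy."""
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "wb") as fh:
            fh.write(self.trusted)
        os.replace(tmp, self.path)

    def is_modified(self) -> bool:
        """A missing or unreadable policy counts as modified (fail closed)."""
        try:
            with open(self.path, "rb") as fh:
                current = fh.read()
        except OSError:
            return True
        return hashlib.sha256(current).hexdigest() != self.digest

    def check_once(self) -> bool:
        """Reissue the unmodified policy if tampering is seen; report it."""
        if self.is_modified():
            self.issue()
            self.reissue_count += 1
            return True
        return False

    def watch(self, period_s: float, rounds: int) -> int:
        """Periodic monitoring with a preset period; returns how many
        modifications were detected and reverted."""
        events = 0
        for _ in range(rounds):
            events += int(self.check_once())
            time.sleep(period_s)
        return events


def demo() -> int:
    # Constructed policy content for the demonstration.
    policy = {"kind": "whitelist", "identities": ["EXAMPLE-ID"],
              "prohibited_types": ["storage"]}
    with tempfile.TemporaryDirectory() as d:
        guard = PolicyGuard(os.path.join(d, "policy.json"), policy)
        guard.issue()
        with open(guard.path, "w") as fh:  # simulate a local user edit
            fh.write('{"kind":"whitelist","identities":[],"prohibited_types":[]}')
        return guard.watch(period_s=0.01, rounds=3)


if __name__ == "__main__":
    print("modifications reverted:", demo())
```

The detection window equals the polling period, which is why the text suggests a period shorter than the system's own policy issuing period.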
It should be noted that features that are not mutually inconsistent in the embodiments of the present invention can be arbitrarily combined to form a new embodiment, and the present invention is not limited to the above-mentioned several embodiments. The embodiment of the present invention does not limit the execution subject of each of the above embodiments, and may be an electronic device.
The following describes an external device management apparatus, an electronic device, and a storage medium according to embodiments of the present invention, and the external device management apparatus, the electronic device, and the storage medium described below and the external device management method described above may be referred to in correspondence.
Referring to fig. 6, fig. 6 is a block diagram of an external device management apparatus according to an embodiment of the present invention; the apparatus may include:
the peripheral identity information obtaining module 110 is configured to, when an external device is detected, obtain identity information of the external device;
the peripheral management module 120 is configured to verify the identity information by using an external device management list in the group policy; if the verification is passed, allowing the external equipment to be used; and if the verification is not passed, the use of the external equipment is forbidden.
Based on the above embodiment, the apparatus may further include:
the group policy setting module is configured to create an external device management list and set the external device management list into the group policy;
and the group policy issuing module is configured to issue the group policy.
Based on the above embodiment, the group policy setting module may be further configured to set the selected prohibited-use external device type into the group policy; wherein the external device type includes at least one of a storage device, a network device, a Bluetooth device, a camera, and a printer.
Based on any of the above embodiments, the group policy setting module may include:
the external equipment management list creating unit is used for acquiring the identity information of the target external equipment; and forming an external equipment management list according to the identity information of the target external equipment.
Based on the above embodiment, the external device management list creating unit may include:
the first identity information acquiring subunit is configured to acquire the identity information of the target external device by using a device information enumeration technology;
and/or
the second identity information acquiring subunit is configured to acquire the identity information of the target external device by using the device manager.
Based on any of the above embodiments, the apparatus may further include:
the effectiveness protection module is configured to reissue the unmodified group policy when it is detected that the group policy has been modified.
It should be noted that, based on any of the above embodiments, the apparatus may be implemented based on programmable logic devices, where the programmable logic devices include an FPGA, a CPLD, a single-chip microcontroller, a processor, and the like.
Corresponding to the above method embodiment, the embodiment of the invention also provides an electronic device. As can be seen in fig. 7, the electronic device may include:
a memory 332 for storing a computer program;
and a processor 322 for implementing the external device management method of the above method embodiments when executing the computer program.
Specifically, fig. 8 is a schematic diagram of a specific structure of the electronic device provided in this embodiment. The electronic device may vary considerably in configuration or performance, and may include one or more processors (CPUs) 322, a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing an application 342 or data 344. The memory 332 and the storage media 330 may be transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on a data processing device. Still further, the processor 322 may be configured to communicate with the storage medium 330 to execute a series of instruction operations in the storage medium 330 on the electronic device 301.
The electronic device 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341, for example, Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
The steps in the external device management method described above may be implemented by the structure of the electronic device. The electronic device may be a terminal (e.g., a computer, a server, etc.), which is not limited in this respect.
Corresponding to the above method embodiment, the embodiment of the invention also provides a storage medium. The storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the external device management method of the above-described method embodiments.
The storage medium may be a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other storage media capable of storing program codes.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The external device management method, the external device management apparatus, the electronic device, and the storage medium according to the present invention are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (10)

1. An external device management method, comprising:
when the external equipment is detected, acquiring the identity information of the external equipment;
verifying the identity information by using an external equipment management list in the group policy;
if the verification is passed, allowing the external equipment to be used;
and if the verification is not passed, forbidding the use of the external equipment.
2. The external device management method according to claim 1, further comprising:
and when it is detected that the group policy has been modified, reissuing the unmodified group policy.
3. The external device management method according to claim 1 or 2, wherein before the acquiring, when the external device is detected, the identity information of the external device, further comprising:
creating the external equipment management list;
and setting the external equipment management list into the group policy, and issuing the group policy.
4. The external device management method according to claim 3, wherein the creating the external device management list includes:
acquiring identity information of target external equipment;
and forming the external equipment management list according to the identity information of the target external equipment.
5. The external device management method according to claim 4, wherein the obtaining of the identity information of the target external device includes:
and acquiring the identity information of the target external device by using a device information enumeration technology.
6. The external device management method according to claim 4, wherein the obtaining of the identity information of the target external device includes:
and acquiring the identity information of the target external equipment by utilizing an equipment manager.
7. The external device management method of claim 3, further comprising, prior to said issuing said group policy:
setting the selected prohibited-use external device type into the group policy; wherein the external device type includes at least one of a storage device, a network device, a Bluetooth device, a camera, and a printer.
8. An external device management apparatus, comprising:
the peripheral identity information acquisition module is used for acquiring the identity information of the external equipment when the external equipment is detected;
the peripheral management module is used for verifying the identity information by using an external equipment management list in the group policy; if the verification is passed, allowing the external equipment to be used; and if the verification is not passed, forbidding the use of the external equipment.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the external device management method of any one of claims 1 to 7 when executing the computer program.
10. A storage medium having stored therein computer-executable instructions that, when loaded and executed by a processor, implement the external device management method of any one of claims 1 to 7.
CN202010268691.9A 2020-04-08 2020-04-08 External equipment management method and device, electronic equipment and storage medium Pending CN111506893A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010268691.9A CN111506893A (en) 2020-04-08 2020-04-08 External equipment management method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111506893A true CN111506893A (en) 2020-08-07

Family

ID=71870779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010268691.9A Pending CN111506893A (en) 2020-04-08 2020-04-08 External equipment management method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111506893A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114186209A (en) * 2022-02-15 2022-03-15 北京安帝科技有限公司 Identity verification method and system
CN114186209B (en) * 2022-02-15 2022-06-28 北京安帝科技有限公司 Identity verification method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination