A useful feature of AppSense Environment Manager’s Lockdown functionality is the capability to lock out keystrokes from your users. You can disable keystrokes globally, or for certain applications.
You can set up a Lockdown action from any of the node groups, but as a general rule of thumb if they are global lockdown items I apply them during the Logon process, and if they are application-specific I apply them when the particular application starts (normally with a Flow Control rule to avoid repeated processing of the item).
To create a Keyboard Lockdown item, right-click in the Action pane, choose Lockdown and then Keyboard Wizard
The wizard then launches, which has several options
In the first box you can simply enter the keystroke or keystroke combination that you want to lock out. There is also an option underneath to identify left and right keys (such as Shift, Alt and Ctrl) separately, if you need to lock them out on a particular basis. The key selection box also will successfully pick up special keys like the Windows and Apps keys, and combinations associated with them, such as Windows-M, Windows-L, etc. In the example below, we’ve used Print Screen, as a lot of enterprises seem quite keen to kill the functionality of this button.
Underneath, in the Select Application section, you can choose to make the Lockdown item global (by choosing All Applications), or simply restrict it to a single process. You can either type the process name in, browse to the required executable, or even use the Spy Tool and drag the spyglass onto the application that you wish to apply it to (you need to make sure your target app is not minimized for the spyglass to pick it up correctly).
We want it to apply globally, so we leave All Applications selected, and that’s that – our Keyboard Lockdown item is completed.
This sort of functionality is useful for quite a few things. Obviously, in high-security environments various keystrokes (such as Print Screen) can be disabled for compliance. If you have users who keep accidentally triggering a certain annoying keystroke (F11 for fullscreen mode in IE, StickyKeys, FilterKeys, etc.) you can disable this functionality for them without any advanced Registry hacking. I’ve seen some badly-written applications where using a navigation key (like Tab) resulted in unusual output (in this case Tab opened a new order, which was really annoying), so the Tab key was swiftly disabled for that application only, cutting down on masses of helpdesk calls. Again, a fairly simple little feature, that can make your life much easier.
Share
