CN111506893A - External equipment management method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN111506893A, CN202010268691.9A
- Authority
- CN
- China
- Prior art keywords
- external device
- identity information
- group policy
- external
- device management
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/45—Structures or tools for the administration of authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an external device management method and apparatus, an electronic device, and a storage medium. The method includes: when an external device is detected, acquiring identity information of the external device; verifying the identity information using the external device management list in a group policy; if the verification passes, allowing use of the external device; if the verification fails, prohibiting use of the external device. When an external device is detected, the method verifies the identity information of that device using a group policy that carries an external device management list, and the device is allowed to run, and thus to be used, only when its identity information passes verification. This achieves precise management of a single external device through group policy, that is, external device management at the smallest unit, which can meet users' various individual needs and improves the convenience, reliability and adaptability of external device management.
Description
Technical field
The present invention relates to the field of communication technologies, and in particular to an external device management method and apparatus, an electronic device, and a storage medium.
Background
With the widespread application of Internet technology, all industries are becoming increasingly digitized, and data security is correspondingly more and more important. At present, many enterprises have implemented intranet isolation so that users cannot send confidential data directly to an external network, which protects data to a certain extent. However, intranet isolation cannot completely prevent leakage of confidential data, because users can still move confidential data out through external devices, for example by copying it to a USB flash drive, attaching an external mobile network card, or printing it on a printer. This leaks confidential data and poses a major risk to enterprise data security.
Summary of the invention
The purpose of the present invention is to provide an external device management method and apparatus, an electronic device, and a storage medium. By setting an external device management list in a group policy, precise management of a single external device can be achieved, meeting users' various individual needs and improving the convenience, reliability and adaptability of external device management.
To solve the above technical problem, the present invention provides an external device management method, including:
when an external device is detected, acquiring identity information of the external device;
verifying the identity information using the external device management list in a group policy;
if the verification passes, allowing use of the external device;
if the verification fails, prohibiting use of the external device.
In a possible implementation, the external device management method further includes:
when it is detected that the group policy has been modified, re-delivering the unmodified group policy.
In another possible implementation, before acquiring the identity information of the external device when the external device is detected, the method further includes:
creating the external device management list;
setting the external device management list into the group policy, and delivering the group policy.
In another possible implementation, creating the external device management list includes:
acquiring identity information of a target external device;
forming the external device management list according to the identity information of the target external device.
In another possible implementation, acquiring the identity information of the target external device includes:
acquiring the identity information of the target external device using a device information enumeration technology.
In another possible implementation, acquiring the identity information of the target external device includes:
acquiring the identity information of the target external device using the device manager.
In another possible implementation, before delivering the group policy, the method further includes:
setting the selected prohibited external device types into the group policy, where the external device types include at least one of a storage device, a network device, a Bluetooth device, a camera, and a printer.
In another aspect, the present invention further provides an external device management apparatus, including:
a peripheral identity information acquisition module, configured to acquire identity information of an external device when the external device is detected;
a peripheral management module, configured to verify the identity information using the external device management list in a group policy; if the verification passes, allow use of the external device; if the verification fails, prohibit use of the external device.
In another aspect, the present invention further provides an electronic device, including:
a memory, configured to store a computer program;
a processor, configured to implement the external device management method described above when executing the computer program.
In another aspect, the present invention further provides a storage medium storing computer-executable instructions which, when loaded and executed by a processor, implement the external device management method described above.
As can be seen, when an external device is detected, the method acquires the identity information of the external device and verifies it using a group policy that carries an external device management list. Only when the identity information passes verification is the external device allowed to run and thus be used, which realizes management of external devices. In other words, by setting an external device management list in the group policy, every external device can be managed, so that precise management of a single external device is accomplished through group policy. This realizes management at the smallest unit of external device, can meet users' various individual needs, and improves the convenience, reliability and adaptability of external device management.
Correspondingly, the present invention also provides an external device management apparatus, an electronic device and a storage medium, which have the above beneficial effects and are not described again here.
Description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are merely embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a schematic diagram of a hardware composition framework to which an external device management method provided by an embodiment of the present invention is applicable;
FIG. 2 is a flowchart of an external device management method provided by an embodiment of the present invention;
FIG. 3 is a flowchart of a group policy setting method provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of a detailed information interface provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of a peripheral control rule interface provided by an embodiment of the present invention;
FIG. 6 is a structural block diagram of an external device management apparatus provided by an embodiment of the present invention;
FIG. 7 is a structural block diagram of an electronic device provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram of a specific structure of an electronic device provided by an embodiment of the present invention.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present invention.
Data security is very important to users, especially enterprise users; once confidential data leaks, users suffer serious losses. The related art generally relies on intranet isolation to prevent confidential data from leaking out. However, intranet isolation cannot completely prevent leakage of confidential data, because users can still move confidential data out through external devices, for example by copying it to a USB flash drive, attaching an external mobile network card, or printing it on a printer. This leaks confidential data and poses a major risk to enterprise data security. Therefore, to ensure data security, the external devices that users use must be managed. The embodiments of the present invention achieve precise management of external devices through a group policy that carries an external device management list, thereby solving the above problem.
For ease of understanding, the hardware composition to which the external device management method applies is introduced first. The embodiments may be applied to a single electronic device, to all electronic devices in a local area network, or to all electronic devices designated by a user, such as all electronic devices in an intranet. The embodiments do not limit the specific structure of the electronic device, as long as it can execute the external device management method provided here. For example, the electronic device may be a PC (such as a desktop computer, notebook computer, tablet computer or ultrabook) or a server. Referring to FIG. 1, an application scenario made up of n user computers, an AC control center and a network is used as an example. As FIG. 1 shows, the hardware composition framework may include an AC control center 10 and n user computers 20. The AC control center 10 may be a client device with administrator rights, or may itself be an administrator device; this is not limited. The AC control center 10 creates the external device management list from information entered by the administrator, sets the list into the group policy, and, once the group policy has been set up, delivers it to each designated user computer 20. Each user computer 20 executes the group policy after receiving it. While executing the group policy, as soon as a user computer 20 detects an external device, it must acquire the identity information of that device and verify it using the external device management list in the group policy; if the verification passes, the user computer 20 allows use of the external device; if the verification fails, the user computer 20 prohibits use of the external device. Precise management of external devices is thereby achieved. Note that the network 30 used for data exchange between the devices in the embodiments can be chosen according to actual needs: it may be a wireless network, such as a mobile communication network or a WIFI network, or a wired network; it may be a wide area network or, where circumstances allow, a local area network.
With the above hardware composition in mind, refer to FIG. 2, which is a flowchart of an external device management method provided by an embodiment of the present invention. The method may include:
S101. When an external device is detected, acquire identity information of the external device.
The embodiment does not limit the type of external device. An external device is defined relative to internal devices (common devices that users are generally allowed to use, such as input devices like a keyboard and mouse). For example, it may be a portable storage device (such as a USB flash drive), an external network device (such as a mobile data network card), a camera, a printer, a scanner, a Bluetooth device, and so on.
The purpose of the embodiment is to prevent users from moving confidential data out through external devices, which would leak that data and pose a major risk to the user's data security. Therefore, when the electronic device detects that it has been connected to an external device, the external device must be verified, and only verified external devices are allowed to run, so that confidential data is not leaked by running an unverified external device. That is, when the electronic device detects that it is connected to an external device, it must determine whether that device is one that may run; until the device has been determined to be one whose use is allowed, the electronic device does not let it run, which prevents confidential data from being moved out and leaked through an unverified external device.
The embodiment does not limit the method of detecting an external device. The method depends on the type of external device, as long as it can be determined whether an external device is currently attached to the electronic device. For example, when the external device is a USB flash drive and it is inserted into the electronic device, the drive powers on and its controller automatically sends identification information to the electronic device; once the electronic device receives that identification information, an attached external device can be considered detected.
In the embodiment, whenever the electronic device detects that an external device has been attached, it acquires the identity information of the external device so that the identity information can be verified using the external device management list in the group policy, to determine whether use of the external device is allowed. The embodiment does not limit the content of the identity information, as long as it uniquely identifies the external device. For example, the identity information may be the hardware ID (identity document, an identification number) of the external device. Because the content of the identity information is not limited, the process of acquiring it is not limited either. For example, when the identity information is the hardware ID of the external device, it may be acquired using a device information enumeration technology, or it may be acquired using the device manager. Both the device information enumeration technology and the device manager may also be present at the same time and both used to acquire the identity information of the external device. The device information enumeration technology may be HardwareID software, that is, a HardwareID tool, which can display the identification information of the relevant hardware. The embodiment does not limit how the HardwareID software is implemented; it may look up the device information present in the current electronic device by using a device information enumeration function (such as the SetupDiGetClassDevsA function). The device manager is a management tool for managing the devices on a computer; for example, it can be used to view device properties, update device drivers, configure device settings, and uninstall devices.
S102. Verify the identity information using the external device management list in the group policy.
Group Policy is a feature of the Windows operating system that controls the working environment of user accounts and computer accounts. It mainly provides centralized management and configuration of the operating system, applications, and user settings in Active Directory.
The embodiment does not limit the content of the external device management list, as long as the identity information of an external device can be verified against it to determine whether use of that device is allowed. For example, the external device management list may be a whitelist recording the identity information of external devices that are allowed to be used; it may be a blacklist recording the identity information of external devices that are not allowed to be used; or a whitelist of allowed identities and a blacklist of prohibited identities may exist at the same time. The embodiment also does not limit the number of entries in the external device management list, that is, the number of external device identities the list covers. The user (when the group policy targets multiple electronic devices, this generally means a user with management rights) can set and modify the external device management list according to the actual situation, for example by adding or deleting identity information in the list, which improves the flexibility and convenience of external device management and meets users' individual needs.
Correspondingly, the embodiment does not limit the process of verifying identity information using the external device management list in the group policy; the process depends on the specific form of the list. For example, if the external device management list is a whitelist recording the identity information of external devices that are allowed to be used, verification may be: determine whether the identity information of the external device is in the external device management list in the group policy; if it is, the verification passes and use of the external device is allowed; if it is not, the verification fails and use of the external device is prohibited. As another example, if the external device management list is a blacklist recording the identity information of external devices that are prohibited, verification may be: determine whether the identity information of the external device is in the external device management list in the group policy; if it is, the verification fails and use of the external device is prohibited; if it is not, the verification passes and use of the external device is allowed.
Further, the identity information of every external device is different, even between external devices of the same type; that is, identity information is in one-to-one correspondence with a single external device. For example, each USB flash drive has its own distinct identity information. Therefore, the external device management list in the group policy can verify the identity information of a single external device, so that precise management of a single external device is accomplished through group policy. In other words, the embodiment manages external devices at the smallest unit, which can meet users' various needs and improves the convenience, reliability and adaptability of external device management.
To manage external devices by their identity information, the embodiment needs to create an external device management list for verifying that identity information and set the list into the group policy, so that the delivered group policy can manage a single external device according to the list. That is, before executing the external device management method, the electronic device itself may create the external device management list, set it into the group policy, and deliver the group policy, so that the electronic device carries out external device management according to that group policy. The embodiment does not limit which entity creates the list, sets it into the group policy, and delivers the group policy. Another electronic device (for example, one that performs management functions for all designated electronic devices in the intranet) may create the external device management list, set it into the group policy, and deliver the group policy to all designated electronic devices, so that they carry out external device management according to it. In that case, the designated electronic devices only need the delivered group policy in order to carry out external device management.
The embodiment does not limit the process of creating the external device management list. For example, the list may be formed from the acquired identity information of the target external devices together with a list attribute. When the list attribute of the acquired identity information is "identity information of external devices allowed to be used", the resulting external device management list is a whitelist recording the identity information of allowed external devices. When the list attribute is "identity information of external devices prohibited from use", the resulting list is a blacklist recording the identity information of prohibited external devices. The embodiment also does not limit the process of setting the external device management list into the group policy and delivering the group policy, as long as the electronic devices that receive the group policy can use it to enforce the external device management list and so manage external devices. For example, the external device management list is formed into a peripheral control rule, and the rule is then configured into the group policy; when the peripheral control rule is referenced, an electronic device that receives the delivered group policy has the group policy reliably applied to it, and manages external devices according to that group policy.
S103. If the verification passes, use of the external device is allowed.
S104. If the verification fails, use of the external device is prohibited.
It should be noted that this embodiment of the present invention does not limit how use of an external device is allowed or prohibited, as long as the use of the external device can be controlled. For example, an external device that is allowed to be used can run normally on the electronic device and enter its normal working state, while an external device that is prohibited cannot run on the electronic device and cannot enter its normal working state.
In this embodiment of the present invention, when an external device is detected, its identity information is acquired and verified using the group policy that carries the external device management list. Only when the identity information passes verification is the external device allowed to run and be used, which realizes management of external devices. Further, because the identity information of an external device can be used to determine whether an attached network device is a mobile network card, an individual network card peripheral can be disabled. This avoids the situation in the related art where, under a requirement that the electronic device's own built-in network card must not be disabled, a mobile network card cannot be disabled because a local network card cannot be distinguished from a mobile one, so the only option is not to manage network cards at all, which creates a data security hole. This embodiment controls a single network card through its identity information and thereby solves that problem. In other words, through the identity information of external devices, this embodiment can prohibit only mobile network cards without affecting the use of the local network card; more generally, it can prohibit only specific external devices without affecting the use of the others.
Based on the above technical solution, this embodiment of the present invention provides an external device management method. By setting an external device management list in the group policy, the method can manage each external device individually, so that precise management of a single external device is achieved through group policy. It realizes external device management at the smallest unit, can meet users' various individual needs, and improves the convenience, reliability and adaptability of external device management.
Based on the above embodiment, please refer to FIG. 3, which is a flowchart of a group policy setting method provided by an embodiment of the present invention. The process may include:
S201. Create an external device management list.
This embodiment of the present invention does not limit the number of entries in the external device management list, that is, the number of pieces of target external device identity information in the list. In this embodiment, an external device that corresponds to an entry in the external device management list is called a target external device. The user (when the group policy applies to multiple electronic devices, as in an intranet scenario, this generally means a user with management rights) can set and modify the external device management list according to the actual situation, which improves the flexibility and convenience of external device management and meets users' individual needs. For example, the user can add identity information to the list or delete it from the list as needed.
It should be noted that this embodiment of the present invention does not limit the process of creating the external device management list, as long as the list can be formed from the acquired identity information of the target external devices. For example, the list may be formed from the acquired identity information of the target external devices together with the list attribute that the user requires. When the list attribute of the acquired identity information is "identity information of external devices that are allowed to be used", the resulting list is a whitelist recording the identity information of allowed external devices. When the list attribute is "identity information of external devices that are prohibited from being used", the resulting list is a blacklist recording the identity information of prohibited external devices.
It can be understood that, because this embodiment of the present invention does not limit the content of the identity information, it also does not limit the process of acquiring the identity information of a target external device. For example, the identity information may be acquired by using hardware ID software (such as the HardwareID software, that is, the HardwareID tool) to obtain the hardware ID of the target external device (the hardware ID then serves as the identity information), or by using Device Manager to obtain the identity information (such as the hardware ID). Of course, both the hardware ID software and Device Manager may be present, and either can be used. The HardwareID software displays identification information for the relevant hardware. This embodiment does not limit how the HardwareID software is implemented; it may look up the device information present on the current electronic device by using a device information enumeration function (such as the SetupDiGetClassDevsA function). Device Manager is a management tool for managing the devices on a computer. For example, Device Manager can be used to view device properties, update device drivers, configure device settings, and uninstall devices.
Further, this embodiment of the present invention does not limit the process of using hardware ID software to obtain the hardware ID of a target external device. For example: open the HardwareID tool, insert or connect the target external device whose hardware ID is needed, and then give the acquire instruction in the HardwareID tool (for example, click the acquire button). The tool displays the hardware ID of the target external device, and the user can select that hardware ID with the mouse or a similar tool, which yields the identity information of the target external device.

This embodiment also does not limit the process of using Device Manager to obtain the identity information of a target external device. For example: open Device Manager (once the electronic device is at the Windows desktop, press the Windows key + R, enter the command "devmgmt.msc" and press Enter to open the local Device Manager), find the external device in the device type list, and view its properties. In the Details list of the properties, select Hardware ID in the Property options; what is shown under Value (V) is the hardware ID of the external device.

The following takes a disk device as the external device. First open Device Manager on the electronic device. Under Disk drives, select the target disk device and click Properties in the pop-up menu. In the dialog that opens, click Details, and in the selection box for Property (P) choose Hardware ID. The first line of the list under Value (V) then shows the hardware ID of the target disk device. See FIG. 4, which shows the final Details view; in FIG. 4 the hardware ID of the target disk device is SCSI\Disk_WD_____WD3200BPVT-11HXZ01.0.

When the target external device is a USB flash drive, first obtain the hardware ID value as described above. Then, in the selection box for Property (P) on the Details view, choose the Parent option; the first line of the list under Value (V) shows the parent ID of the USB flash drive. Finally, join the hardware ID value and the parent ID with a comma. The result is the identity information of the USB flash drive.
S202. Set the external device management list into the group policy, and issue the group policy.
It should be noted that this embodiment of the present invention does not limit the process of setting the external device management list into the group policy and issuing the group policy, as long as the electronic device to which the group policy is issued can use the group policy to enforce the external device management list and so manage external devices. For example, the external device management list is formed into a peripheral control rule, and the peripheral control rule is then configured into the group policy; when the peripheral control rule is referenced, the electronic device that receives the issued group policy has that group policy reliably applied to it, and external devices are managed according to the group policy.
It can be understood that, to make group-policy management of external devices more convenient and flexible, this embodiment of the present invention may also add to the group policy an option for prohibited external device types, so that the user can more easily prohibit a whole class of external devices. For example, when the user chooses to disable the external devices corresponding to storage devices, no external device with a storage function, such as a USB flash drive, can be used on the electronic device. That is, when the group policy is formed, in addition to the external device management list, the selected prohibited external device types can also be set into the group policy. The external device types include at least one of storage devices, network devices, Bluetooth devices, cameras and printers. Of course, the external device types are not limited to these and may include others, such as scanners; this embodiment does not limit the kinds of external device type.
This embodiment of the present invention does not limit the process of setting the selected prohibited external device types into the group policy, as long as prohibited external device types can be added to the group policy. For example, a "prohibited peripheral types" option can be provided in the peripheral control rule. The user selects the types to prohibit according to actual needs, and the peripheral control rule is then configured into the group policy; when the peripheral control rule is referenced, the electronic device that receives the issued group policy has that group policy reliably applied to it, and external devices are managed according to the group policy. Of course, this embodiment does not limit the specific content of the peripheral control rule: the user can set the external device management list and the prohibited peripheral types according to actual needs. Descriptive content can also be added as needed so that the rule is clearer to the user; for example, a rule name, rule type and rule description can be set in the peripheral control rule.

Referring to FIG. 5, a schematic diagram of a peripheral control rule interface is given, taking a whitelist as the external device management list. In the whitelist setting, the user enters the IDs of the target external devices; the number of IDs may be limited or unlimited. The device hardware ID (that is, external device hardware ID) acquisition guide may be a tutorial showing how to obtain the target external device ID with the hardware ID software or Device Manager, so that the user can obtain the hardware ID of an external device easily. This embodiment does not limit the content of the guide, which may be a video, audio, picture or text tutorial. For the prohibited peripheral types, the user may select one, select several at once, or select none.
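The checks in S101 to S104, together with the prohibited-type option and the comma-joined USB flash drive identity described above, as an added Python example (not code from the patent). It assumes that a prohibited type is checked before the list and that identities are compared case-insensitively; `PeripheralRule` and its fields are hypothetical names, and every ID other than the FIG. 4 disk ID is a constructed placeholder.

```python
from dataclasses import dataclass, field
from enum import Enum


class ListKind(Enum):
    WHITELIST = "whitelist"  # list records identities that are allowed
    BLACKLIST = "blacklist"  # list records identities that are prohibited


def normalize(identity: str) -> str:
    # Assumption: identities are compared case-insensitively, whitespace trimmed.
    return identity.strip().upper()


def usb_drive_identity(hardware_id: str, parent_id: str) -> str:
    # USB flash drive identity = hardware ID and parent ID joined with a comma.
    return f"{hardware_id.strip()},{parent_id.strip()}"


@dataclass
class PeripheralRule:
    kind: ListKind
    identities: set = field(default_factory=set)
    prohibited_types: set = field(default_factory=set)

    def __post_init__(self):
        self.identities = {normalize(i) for i in self.identities}
        self.prohibited_types = {t.lower() for t in self.prohibited_types}

    def verify(self, identity: str, device_type: str):
        """Return (allowed, reason) for a newly detected external device."""
        # Assumption: a prohibited device type is checked before the list.
        if device_type.lower() in self.prohibited_types:
            return False, "type prohibited"
        listed = normalize(identity) in self.identities
        if self.kind is ListKind.WHITELIST:
            return (True, "on whitelist") if listed else (False, "not on whitelist")
        return (False, "on blacklist") if listed else (True, "not on blacklist")


# Hardware ID shown in FIG. 4 of the page.
FIG4_DISK = r"SCSI\Disk_WD_____WD3200BPVT-11HXZ01.0"
# Constructed placeholder IDs (not real devices).
BUILTIN_NIC = r"PCI\VEN_0000&DEV_0001"
MOBILE_NIC = r"USB\VID_0000&PID_0002"
USB_HW = r"USBSTOR\DiskEXAMPLE_FLASH_1.00"
USB_PARENT_A = r"USB\VID_0000&PID_0003\SERIAL_A"
USB_PARENT_B = r"USB\VID_0000&PID_0003\SERIAL_B"


def demo():
    # Blacklist rule: only the mobile network card is listed; printers are
    # prohibited as a type.
    blacklist = PeripheralRule(ListKind.BLACKLIST, {MOBILE_NIC}, {"printer"})
    # Whitelist rule: the FIG. 4 disk and one specific USB flash drive.
    whitelist = PeripheralRule(
        ListKind.WHITELIST,
        {FIG4_DISK, usb_drive_identity(USB_HW, USB_PARENT_A)},
    )
    return {
        # Mobile card is blocked even if the ID arrives in a different case.
        "mobile_nic": blacklist.verify(MOBILE_NIC.lower(), "network"),
        # The built-in card is not on the blacklist, so it keeps working.
        "builtin_nic": blacklist.verify(BUILTIN_NIC, "network"),
        "printer": blacklist.verify("ANY-ID", "Printer"),
        "fig4_disk": whitelist.verify(FIG4_DISK, "storage"),
        "usb_listed": whitelist.verify(
            usb_drive_identity(USB_HW, USB_PARENT_A), "storage"),
        # Same hardware ID but a different parent ID: a different identity.
        "usb_other_parent": whitelist.verify(
            usb_drive_identity(USB_HW, USB_PARENT_B), "storage"),
        # The hardware ID alone is not the USB flash drive's identity.
        "usb_hw_only": whitelist.verify(USB_HW, "storage"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```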
Based on the above technical solution, this embodiment of the present invention provides an external device management method that can effectively and reliably prohibit the use of a particular external device or of a particular class of external devices, making control of external devices more flexible.
Based on any of the above embodiments: because group policy is a function of the Windows operating system, the user of an electronic device can modify the group policy himself. It may be necessary to guarantee the validity of the group policy, so that a group policy issued by an electronic device with management functions is not modified by the user of a receiving electronic device and thereby left unable to be enforced reliably; an example is an intranet scenario in which users of electronic devices other than the managing device modify the group policy. This embodiment of the present invention can therefore also monitor the group policy to prevent malicious modification. That is, when it is detected that the group policy has been modified, the unmodified group policy is re-issued.
It should be noted that, in this embodiment of the present invention, once the electronic device detects that the group policy has been modified, it needs to re-issue the unmodified group policy promptly, so that modification of the group policy is prevented. This embodiment does not limit the method used to monitor whether the group policy has been modified, as long as the group policy can be monitored. For example, a daemon process can monitor whether the group policy has been modified. To ensure reliable monitoring, the daemon process will not be killed by the system, which effectively guarantees normal use of the peripheral control function.
It can be understood that the monitoring of the group policy provided by this embodiment of the present invention may be real-time or may run at a preset period. This embodiment does not limit the value of the preset period; for example, the preset period may be shorter than the period at which the system issues the group policy.
Based on the above technical solution, this embodiment of the present invention provides an external device management method in which a daemon process monitors whether the group policy has been modified. This guarantees the validity of the configured group policy, prevents users from modifying the group policy themselves, and so effectively guarantees normal use of the peripheral control function.
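One way to implement the monitoring described above, as an added Python example (not code from the patent). It assumes the delivered policy is a local file and that modification is detected by comparing SHA-256 digests; `PolicyGuard`, `monitor` and the file name are hypothetical, and the policy content is constructed.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class PolicyGuard:
    """Keeps the issued (unmodified) policy and restores it when the local copy drifts."""

    def __init__(self, policy_path, issued_policy: bytes):
        self.path = Path(policy_path)
        self.issued = issued_policy
        self.baseline = digest(issued_policy)

    def deliver(self) -> None:
        # Write to a temporary file in the same directory, then swap it in, so
        # a reader never sees a half-written policy.
        fd, tmp = tempfile.mkstemp(dir=str(self.path.parent))
        with os.fdopen(fd, "wb") as handle:
            handle.write(self.issued)
        os.replace(tmp, self.path)

    def is_modified(self) -> bool:
        try:
            return digest(self.path.read_bytes()) != self.baseline
        except FileNotFoundError:
            return True  # a deleted policy counts as a modification

    def check_once(self) -> bool:
        """Re-deliver the unmodified policy if needed; True if it was restored."""
        if self.is_modified():
            self.deliver()
            return True
        return False


def monitor(guard: PolicyGuard, period_s: float, rounds: int, sleep=time.sleep) -> int:
    # Periodic monitoring. The page suggests a period shorter than the one at
    # which the system itself issues group policy.
    restored = 0
    for _ in range(rounds):
        if guard.check_once():
            restored += 1
        sleep(period_s)
    return restored


def run_demo() -> dict:
    issued = b'{"list_kind": "whitelist", "prohibited_types": ["storage"]}'  # constructed
    with tempfile.TemporaryDirectory() as workdir:
        guard = PolicyGuard(Path(workdir) / "peripheral_policy.json", issued)
        guard.deliver()
        clean = guard.check_once()                       # nothing to restore
        guard.path.write_bytes(b'{"list_kind": "blacklist"}')  # local user edit
        after_edit = guard.check_once()
        guard.path.unlink()                              # local user deletes it
        after_delete = guard.check_once()
        restored_ok = guard.path.read_bytes() == issued
        idle_rounds = monitor(guard, 0, 3, sleep=lambda _s: None)
    return {
        "clean": clean,
        "after_edit": after_edit,
        "after_delete": after_delete,
        "restored_ok": restored_ok,
        "idle_rounds": idle_rounds,
    }


if __name__ == "__main__":
    print(run_demo())
```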
It should be noted that non-contradictory features of the embodiments of the present invention can be combined arbitrarily to form new embodiments, which are not limited to the embodiments above. The embodiments of the present invention do not limit the entity that executes the above embodiments; it may be an electronic device.
The following describes the external device management apparatus, electronic device and storage medium provided by the embodiments of the present invention. The apparatus, electronic device and storage medium described below and the external device management method described above may be read with reference to each other.
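Please refer to FIG. 6, which is a structural block diagram of the external device management apparatus provided by an embodiment of the present invention. The apparatus may include:
a peripheral identity information acquisition module 110, configured to acquire the identity information of an external device when the external device is detected;
a peripheral management module 120, configured to verify the identity information using the external device management list in the group policy; if the verification passes, use of the external device is allowed; if the verification fails, use of the external device is prohibited.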
Based on the above embodiment, the apparatus may further include:
a group policy setting module, configured to create the external device management list and set the external device management list into the group policy;
a group policy issuing module, configured to issue the group policy.
Based on the above embodiment, the group policy setting module may also be configured to set the selected prohibited external device types into the group policy, where the external device types include at least one of storage devices, network devices, Bluetooth devices, cameras and printers.
Based on any of the above embodiments, the group policy setting module may include:
an external device management list creation unit, configured to acquire the identity information of the target external device and form the external device management list according to that identity information.
Based on the above embodiment, the external device management list creation unit may include:
a first identity information acquisition subunit, configured to acquire the identity information of the target external device using device information enumeration technology;
and/or,
a second identity information acquisition subunit, configured to acquire the identity information of the target external device using Device Manager.
Based on any of the above embodiments, the apparatus may further include:
a validity protection module, configured to re-issue the unmodified group policy when it is detected that the group policy has been modified.
It should be noted that, based on any of the above embodiments, the apparatus may be implemented on programmable logic devices, which include FPGAs, CPLDs, single-chip microcomputers, processors and the like. These programmable logic devices may be provided in the electronic device.
Corresponding to the above method embodiments, an embodiment of the present invention further provides an electronic device. As shown in FIG. 7, the electronic device may include:
a memory 332, configured to store a computer program;
a processor 322, configured to implement the external device management method of the above method embodiments when executing the computer program.
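Specifically, please refer to FIG. 8, a schematic diagram of a specific structure of an electronic device provided by this embodiment. The electronic device may vary considerably with configuration or performance, and may include one or more processors (central processing units, CPU) 322 (for example, one or more processors) and a memory 332, and one or more storage media 330 (for example, one or more mass storage devices) storing application programs 342 or data 344. The memory 332 and the storage medium 330 may be transient or persistent storage. The program stored in the storage medium 330 may include one or more modules (not shown in the figure), each of which may include a series of instruction operations on the data processing device. Further, the processor 322 may be configured to communicate with the storage medium 330 and to execute, on the electronic device 301, the series of instruction operations in the storage medium 330.
The electronic device 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341, for example Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ and so on.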
The steps of the external device management method described above may be implemented by the structure of the electronic device. The electronic device may be a terminal (for example, a computer or a server), which is not limited in this embodiment of the present invention.
Corresponding to the above method embodiments, an embodiment of the present invention further provides a storage medium. A computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps of the external device management method of the above method embodiments are implemented.
The storage medium may specifically be any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments can be read with reference to each other. Because the apparatus disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; see the description of the method for the relevant details.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The external device management method, apparatus, electronic device and storage medium provided by the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. It should be pointed out that those of ordinary skill in the art can make several improvements and modifications to the present invention without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010268691.9A CN111506893A (en) | 2020-04-08 | 2020-04-08 | External equipment management method and device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111506893A true CN111506893A (en) | 2020-08-07 |
Family
ID=71870779
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111506893A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114186209A (en) * | 2022-02-15 | 2022-03-15 | 北京安帝科技有限公司 | Identity verification method and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1893441A (en) * | 2005-07-01 | 2007-01-10 | 捷讯研究有限公司 | System and method for managing network lists in a wireless user equipment device |
US20080104705A1 (en) * | 2006-10-30 | 2008-05-01 | Microsoft Corporation | Setting group policy by device ownership |
US20080148339A1 (en) * | 2006-10-30 | 2008-06-19 | Microsoft Corporation | Group policy for unique class identifier devices |
CN101241422A (en) * | 2007-02-07 | 2008-08-13 | 佳能株式会社 | Printing device and controlling method thereof |
US20110167470A1 (en) * | 2005-02-28 | 2011-07-07 | Trust Digital, Llc | Mobile data security system and methods |
CN105320616A (en) * | 2014-06-24 | 2016-02-10 | 腾讯科技(深圳)有限公司 | External device control method and device |
CN108427649A (en) * | 2018-01-16 | 2018-08-21 | 广州杰赛科技股份有限公司 | Access management method, terminal device, system and the storage medium of USB interface |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110167470A1 (en) * | 2005-02-28 | 2011-07-07 | Trust Digital, Llc | Mobile data security system and methods |
CN1893441A (en) * | 2005-07-01 | 2007-01-10 | 捷讯研究有限公司 | System and method for managing network lists in a wireless user equipment device |
US20080104705A1 (en) * | 2006-10-30 | 2008-05-01 | Microsoft Corporation | Setting group policy by device ownership |
US20080148339A1 (en) * | 2006-10-30 | 2008-06-19 | Microsoft Corporation | Group policy for unique class identifier devices |
CN101241422A (en) * | 2007-02-07 | 2008-08-13 | 佳能株式会社 | Printing device and controlling method thereof |
CN105320616A (en) * | 2014-06-24 | 2016-02-10 | 腾讯科技(深圳)有限公司 | External device control method and device |
CN108427649A (en) * | 2018-01-16 | 2018-08-21 | 广州杰赛科技股份有限公司 | Access management method, terminal device, system and the storage medium of USB interface |
Non-Patent Citations (4)
Title |
---|
李腾红: "《操作系统》", 中国铁道出版社, pages: 326 - 328 * |
胡亮 等: "网络程序设计", vol. 1, 30 September 2003, 吉林大学出版社, pages: 123 - 125 * |
韩志玲: "用组策略管理域用户环境", 《山西科技》, no. 05, 20 September 2008 (2008-09-20), pages 55 - 66 * |
龚永罡 等: "Linux系统管理", vol. 1, 30 September 2000, 国防工业出版社, pages: 133 - 328 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114186209A (en) * | 2022-02-15 | 2022-03-15 | 北京安帝科技有限公司 | Identity verification method and system |
CN114186209B (en) * | 2022-02-15 | 2022-06-28 | 北京安帝科技有限公司 | Identity verification method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9705887B2 (en) | Remote processsing of mobile applications | |
KR101996694B1 (en) | Techniques to apply and share remote policies on mobile devices | |
US10257194B2 (en) | Distribution of variably secure resources in a networked environment | |
US10140463B2 (en) | Mechanisms to secure data on hard reset of device | |
WO2015096695A1 (en) | Installation control method, system and device for application program | |
US20130254889A1 (en) | Server-Side Restricted Software Compliance | |
US11509523B2 (en) | Automated scripting for managed devices | |
US10757079B2 (en) | Method and system for controlling remote session on computer systems using a virtual channel | |
JP2009521763A (en) | Computer session management apparatus and system | |
WO2006044135A2 (en) | Enterprise assessment management | |
CN107077403A (en) | User authorization for file-level recovery from image-level backups | |
US20080256609A1 (en) | Multiple User Credentials | |
CN104704506A (en) | System control | |
KR101478801B1 (en) | System and method for providing cloud computing service using virtual machine | |
CN104537310A (en) | Method for managing portable storage device and client terminal | |
KR102551891B1 (en) | Method and system for managing cloud access and accounts | |
JP4850159B2 (en) | External device management system | |
CN111506893A (en) | External equipment management method and device, electronic equipment and storage medium | |
CN103763370A (en) | Method, system and device for changing screen locking password of working area of mobile terminal | |
KR102540097B1 (en) | Device risk-based trusted device verification and remote access processing system | |
CN114861160A (en) | Method and device, device, and storage medium for enhancing authority of non-administrator account | |
JP2009176265A (en) | Information processing apparatus and information processing system | |
JP6661297B2 (en) | Information processing apparatus and security management method | |
US12182279B2 (en) | Techniques for providing security-related information | |
RU2571725C2 (en) | System and method of controlling parameters of applications on computer user devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200807 |