Solved

How can we ban music sharing and external hard drives?

Posted on 2006-11-07
13
390 Views
Last Modified: 2013-12-04
our company is having a big problem with music and software sharing, we can ban file shares but users are bringing in music and other illegal material on usb pens and external hard drives, we dont want to ban usb devices as staff need them frequently for work, but is there a way to specify a certain hard drive limitaion?
we have viewed peoples hard disks and they all have the same albums and cracked software, but disciplining them is a real grey area as we shouldn't spy on them.

we have written a script to delete .mp3/.wma ect but this interferes with windows system files and installed software. we know about treesize for our server drives, but local drives are a big problem for us. its mainly a local drive issue, is there any software out there or good pre-written scripts?

Any ideas??
0
Comment
Question by:aruphelp
13 Comments
 
LVL 14

Expert Comment

by:inbarasan
ID: 17888114
Dear aruphelp,

You can stop this only by User education and bringing some strict security policies and request your users to adhere to it.

Cheers!
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17889298
As stated, good policies are the place to start next is enforcing them. Here are some great policies that you can easily make your own:
http://www.sans.org/resources/policies/
There are GroupPolicies in active directory to prevent external usb's and harddrives... but burned CD's can still be brought in
http://www.microsoft.com/technet/windowsvista/library/9fe5bf05-a4a9-44e2-a0c3-b4b4eaaa37f3.mspx
http://support.microsoft.com/kb/555324
There is also a few 3rd parties too http://www.fullarmor.com/products-intellipolicy.htm

I've consulted for many companies in the same situation, and when the PC's are company owned, so is all the data on it, and your not spying. If you have policies in place that state this fact all the better. You may need to consider ghosting or reimaging the PC's and get them all back to "square" if possible. HR should handle the reitteration of the company policies, everyone gets a clean-slate, past possible violations are forgotten, going forward violations will be acted upon per company policy.

If you can take away admin rights, you'll have far less to worry about for installed software such as P2P's. You may also consider implimenting snort which can detect many of the popular programs. It's not enough to put in policies and check up on them here an there, you need to check all the time really.
-rich
0
 

Author Comment

by:aruphelp
ID: 17928743
Is there a good batch file that would remove .mp3 .wav .wma files but could avoid the program files and windows folder?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17929986
Sure, batch files are easy to write, you have a few choices in how you would implement them, a scheduled task on each of the users pc's, a scheduled task on a remote pc.
This script can be copied to a text file and renamed from .txt to .vbs, then all you have to do is schedule the task

strComputer = "."
WScript.Echo "=========================================="
WScript.Echo "Computer: " & strComputer
WScript.Echo "=========================================="
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colFiles = objWMIService.ExecQuery _
    ("Select * from CIM_Datafile Where Extension = 'mp3' OR Extension = 'wav' OR Extension = 'wma'")
For Each objFile in colFiles
    Wscript.Echo "Name: " & objFile.Name
Next

or you can put in a list of PC's if you wish to do this remotely from another pc, just change the first line like this:
strComputer = "10.10.10.10", "10.10.10.11", "10.10.10.12"
or...
strComputer = "PcName1", "Pcname2", "PcName3"
Just quote the name and or ip's and separate with a comma. To call this script create a batch file (a .txt file renamed to .bat) Just need this line
cscript /nologo find-audio.vbs  
(find-audio.vbs is the name of the script above) You can simply create a scheduled task that points to the batch file.

That script will echo the Computers name, and list each file on the pc. Output looks like this
Name: c:\program files\ahead\nero\boo.wav
Name: c:\program files\ahead\nero\dingdong.wav
Name: c:\program files\ahead\nero\trumpet1.wav
Name: c:\program files\msn messenger\newalert.wma
Name: c:\program files\msn messenger\newemail.wma
Name: c:\program files\msn messenger\nudge.wma
Name: c:\program files\msn messenger\online.wma
I've not sorted out how to exclude certain directories yet... perhaps a pointer to this question in the VBS TA
http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/
-rich


0
 

Author Comment

by:aruphelp
ID: 17945562
Thanks for the help guys, its just fine tuning i need really, ideally a well equipped batch file that we could run that would delete the music but avoid the windows folder ect. i cant seem to find a solid solution anywhere.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17946118
I'm working on a script to take all permissions away from audio files, and only allow the local administrator account to access them, that way they are still recoverable if you grab the wrong file... and it will tick users off :)
-rich
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Expert Comment

by:pccpr
ID: 17983312
OK this might sound wierd...but do they NEED audio for anything?   Instead of hunting down all the files, just disable the playback hardware.

Just disable the sound!  

Mandatory user profiles, alerts and alarms when bypassed, removal of auido capabilities from supplied software, etc

The seek and destroy sound files seems a bit heavy handed as the first step.  

PS it's a fine line...getting them pissed off enough to behave....but not pissed off enough to misbehave!!



0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17984859
The playback isn't the point... it's the downloading and possible legal action from such groups as the RIAA or fellow employees turned extortionists that might try to make trouble. It's not uncommon that a disgruntled/downsized employee will try to report lack of software licenses or the fact that P2P software is allowed at the company.  I've seen these scenarios a few times in my consulting years, and it does happen. But I also think the asker is trying to curb any possible illegal activity as well as keep users focused and more on task, not to mention keeping viri exposure and other potential nasties away.
If there are company policies against using such software, and personal music stored on the PC is also not permitted, you may also consider posting alternatives that are acceptable, catch more flies with honey if you will. If music on the PC is not permitted, perhaps you can clarify to the users that a walkman/discman or small portable radio/cd/tape player is allowed as long as it does not disturb others...
I'll work a bit more on the script tomorrow, but I'd suspect you'd get a better answer from another TA such as:
http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/
-rich
0
 

Author Comment

by:aruphelp
ID: 17995222
Our company has a central IT base in london and there is no way any member of staff can access file sharing,  p2p, torrents ect, it would never get past the proxy server/firewall, our users only have power user rights so they cant install any software, basically they are exchanging cd's and ripping them to their hard drives, brining in copied cd's and sharing them, or using portable 1gb pen drives and 60gb external usb hard drives and sharing music they have downloaded at home on torrents sites.
our company policy clearly states that copywright is prohibited, but at the same time we cant randomly search computers as it is a breach of privacy. so we want to run a file that will wipe them off the drives, they cant then come back to us and say 'you've deleted my 75 illegal albums that i had on my computer'

pccpr is right about the fine line, we have some top engineers who bring in big money, but their c: drive has 29gig of albums on it!! do we want to ring them up and tell them off, or do we just have a script that sorts it and we can shrug our shoulders and say its company policy.

we can just ignore it but when i comes to users saying my computer is rubbish and slow.......we find tons of illegal albums and cracked games......stressing or what!! i may have to move this request like richrumble says :(
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17995920
I can't seem to script this to a very reliable way, I'd put a pointer to this question in the TA I linked above, or have the moderators move the question. What would be even funnier through is to replace the files you find with an equivalent file that tells them they have broken company policy ;)
replace mp3 files with an mp3 of someone reading the policies, or a wav with that same mp3 converted ;)
I would also stress that if there are alternatives, such as users are allowed to use personal players such as a iPod, Walkman, Sirrus, or portable cd player- that you indicate that alternative to them. Also reminding them that they are not allowed to bring in and store audio/video files on your company PC's.

The script I posted above will detect most popular file Audio extensions, you may also consider trying to detect AV files, such as Avi, mpg, mpeg, rm, divx, mov, qt, and wmv
I can't seem to get my head around a good "IF" statement that will allow you to exclude certain filenames and or paths. I would create a list of known good files and their paths, and someone can code up a statement to skip those. To be thorough it's best if you have a white-list like this, users might get wise and determine that they can copy their files to a certain DIR and they won't be deleted... all it takes is one user that finds such an exception to spread the word...
Hopefully your company doesn't make jingles or company songs , you might delete a lot of hardwork :)
-rich
0
 

Author Comment

by:aruphelp
ID: 18003551
thanks, how do i get a moderator to move the question?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 18004784
Fastest way is to place a Q here: http://www.experts-exchange.com/Community_Support/
-rich
0
 
LVL 3

Accepted Solution

by:
mhts earned 500 total points
ID: 18193822
Your original question mentioned the use of usb pen drives and external HDs.

To lock those down, and to lock down (mis)uses of other ports, we've installed DeviceLock at many of our client's sites.

It has a silent client install to workstations / servers, a central management console, and the locking mechanisms are very granular. You can define certain peripherals as allowed for certain [or just one] port and keep the others locked down, or you can define that all ports are blocked except for usb keyboards, mice and printers, or you can block CD burning [or block access to CD drives entirely], or setup any number of other configurations).

http://www.devicelock.com/

Hope That Helps!
-mike
Always remember to help the community help itself. If someone's answer solves your problem, be sure to accept their answer so that it gets into the solutions area asap.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Clickfree HD 7 84
Windows 2012 session collection security. 2 61
Windows Master Password 11 49
Is this error real? 2 43
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now