• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 404
  • Last Modified:

How can we ban music sharing and external hard drives?

our company is having a big problem with music and software sharing, we can ban file shares but users are bringing in music and other illegal material on usb pens and external hard drives, we dont want to ban usb devices as staff need them frequently for work, but is there a way to specify a certain hard drive limitaion?
we have viewed peoples hard disks and they all have the same albums and cracked software, but disciplining them is a real grey area as we shouldn't spy on them.

we have written a script to delete .mp3/.wma ect but this interferes with windows system files and installed software. we know about treesize for our server drives, but local drives are a big problem for us. its mainly a local drive issue, is there any software out there or good pre-written scripts?

Any ideas??
1 Solution
Dear aruphelp,

You can stop this only by User education and bringing some strict security policies and request your users to adhere to it.

Rich RumbleSecurity SamuraiCommented:
As stated, good policies are the place to start next is enforcing them. Here are some great policies that you can easily make your own:
There are GroupPolicies in active directory to prevent external usb's and harddrives... but burned CD's can still be brought in
There is also a few 3rd parties too http://www.fullarmor.com/products-intellipolicy.htm

I've consulted for many companies in the same situation, and when the PC's are company owned, so is all the data on it, and your not spying. If you have policies in place that state this fact all the better. You may need to consider ghosting or reimaging the PC's and get them all back to "square" if possible. HR should handle the reitteration of the company policies, everyone gets a clean-slate, past possible violations are forgotten, going forward violations will be acted upon per company policy.

If you can take away admin rights, you'll have far less to worry about for installed software such as P2P's. You may also consider implimenting snort which can detect many of the popular programs. It's not enough to put in policies and check up on them here an there, you need to check all the time really.
aruphelpAuthor Commented:
Is there a good batch file that would remove .mp3 .wav .wma files but could avoid the program files and windows folder?
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Rich RumbleSecurity SamuraiCommented:
Sure, batch files are easy to write, you have a few choices in how you would implement them, a scheduled task on each of the users pc's, a scheduled task on a remote pc.
This script can be copied to a text file and renamed from .txt to .vbs, then all you have to do is schedule the task

strComputer = "."
WScript.Echo "=========================================="
WScript.Echo "Computer: " & strComputer
WScript.Echo "=========================================="
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colFiles = objWMIService.ExecQuery _
    ("Select * from CIM_Datafile Where Extension = 'mp3' OR Extension = 'wav' OR Extension = 'wma'")
For Each objFile in colFiles
    Wscript.Echo "Name: " & objFile.Name

or you can put in a list of PC's if you wish to do this remotely from another pc, just change the first line like this:
strComputer = "", "", ""
strComputer = "PcName1", "Pcname2", "PcName3"
Just quote the name and or ip's and separate with a comma. To call this script create a batch file (a .txt file renamed to .bat) Just need this line
cscript /nologo find-audio.vbs  
(find-audio.vbs is the name of the script above) You can simply create a scheduled task that points to the batch file.

That script will echo the Computers name, and list each file on the pc. Output looks like this
Name: c:\program files\ahead\nero\boo.wav
Name: c:\program files\ahead\nero\dingdong.wav
Name: c:\program files\ahead\nero\trumpet1.wav
Name: c:\program files\msn messenger\newalert.wma
Name: c:\program files\msn messenger\newemail.wma
Name: c:\program files\msn messenger\nudge.wma
Name: c:\program files\msn messenger\online.wma
I've not sorted out how to exclude certain directories yet... perhaps a pointer to this question in the VBS TA

aruphelpAuthor Commented:
Thanks for the help guys, its just fine tuning i need really, ideally a well equipped batch file that we could run that would delete the music but avoid the windows folder ect. i cant seem to find a solid solution anywhere.
Rich RumbleSecurity SamuraiCommented:
I'm working on a script to take all permissions away from audio files, and only allow the local administrator account to access them, that way they are still recoverable if you grab the wrong file... and it will tick users off :)
OK this might sound wierd...but do they NEED audio for anything?   Instead of hunting down all the files, just disable the playback hardware.

Just disable the sound!  

Mandatory user profiles, alerts and alarms when bypassed, removal of auido capabilities from supplied software, etc

The seek and destroy sound files seems a bit heavy handed as the first step.  

PS it's a fine line...getting them pissed off enough to behave....but not pissed off enough to misbehave!!

Rich RumbleSecurity SamuraiCommented:
The playback isn't the point... it's the downloading and possible legal action from such groups as the RIAA or fellow employees turned extortionists that might try to make trouble. It's not uncommon that a disgruntled/downsized employee will try to report lack of software licenses or the fact that P2P software is allowed at the company.  I've seen these scenarios a few times in my consulting years, and it does happen. But I also think the asker is trying to curb any possible illegal activity as well as keep users focused and more on task, not to mention keeping viri exposure and other potential nasties away.
If there are company policies against using such software, and personal music stored on the PC is also not permitted, you may also consider posting alternatives that are acceptable, catch more flies with honey if you will. If music on the PC is not permitted, perhaps you can clarify to the users that a walkman/discman or small portable radio/cd/tape player is allowed as long as it does not disturb others...
I'll work a bit more on the script tomorrow, but I'd suspect you'd get a better answer from another TA such as:
aruphelpAuthor Commented:
Our company has a central IT base in london and there is no way any member of staff can access file sharing,  p2p, torrents ect, it would never get past the proxy server/firewall, our users only have power user rights so they cant install any software, basically they are exchanging cd's and ripping them to their hard drives, brining in copied cd's and sharing them, or using portable 1gb pen drives and 60gb external usb hard drives and sharing music they have downloaded at home on torrents sites.
our company policy clearly states that copywright is prohibited, but at the same time we cant randomly search computers as it is a breach of privacy. so we want to run a file that will wipe them off the drives, they cant then come back to us and say 'you've deleted my 75 illegal albums that i had on my computer'

pccpr is right about the fine line, we have some top engineers who bring in big money, but their c: drive has 29gig of albums on it!! do we want to ring them up and tell them off, or do we just have a script that sorts it and we can shrug our shoulders and say its company policy.

we can just ignore it but when i comes to users saying my computer is rubbish and slow.......we find tons of illegal albums and cracked games......stressing or what!! i may have to move this request like richrumble says :(
Rich RumbleSecurity SamuraiCommented:
I can't seem to script this to a very reliable way, I'd put a pointer to this question in the TA I linked above, or have the moderators move the question. What would be even funnier through is to replace the files you find with an equivalent file that tells them they have broken company policy ;)
replace mp3 files with an mp3 of someone reading the policies, or a wav with that same mp3 converted ;)
I would also stress that if there are alternatives, such as users are allowed to use personal players such as a iPod, Walkman, Sirrus, or portable cd player- that you indicate that alternative to them. Also reminding them that they are not allowed to bring in and store audio/video files on your company PC's.

The script I posted above will detect most popular file Audio extensions, you may also consider trying to detect AV files, such as Avi, mpg, mpeg, rm, divx, mov, qt, and wmv
I can't seem to get my head around a good "IF" statement that will allow you to exclude certain filenames and or paths. I would create a list of known good files and their paths, and someone can code up a statement to skip those. To be thorough it's best if you have a white-list like this, users might get wise and determine that they can copy their files to a certain DIR and they won't be deleted... all it takes is one user that finds such an exception to spread the word...
Hopefully your company doesn't make jingles or company songs , you might delete a lot of hardwork :)
aruphelpAuthor Commented:
thanks, how do i get a moderator to move the question?
Rich RumbleSecurity SamuraiCommented:
Fastest way is to place a Q here: http://www.experts-exchange.com/Community_Support/
Your original question mentioned the use of usb pen drives and external HDs.

To lock those down, and to lock down (mis)uses of other ports, we've installed DeviceLock at many of our client's sites.

It has a silent client install to workstations / servers, a central management console, and the locking mechanisms are very granular. You can define certain peripherals as allowed for certain [or just one] port and keep the others locked down, or you can define that all ports are blocked except for usb keyboards, mice and printers, or you can block CD burning [or block access to CD drives entirely], or setup any number of other configurations).


Hope That Helps!
Always remember to help the community help itself. If someone's answer solves your problem, be sure to accept their answer so that it gets into the solutions area asap.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now