Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is it possible to lock down USB ports and CD/DVD drives using Microsft Group Policy?

Posted on 2008-10-03
8
Medium Priority
?
1,411 Views
Last Modified: 2012-05-05
Hi
Environment is: Windows Server 2003, XP Pro workstations, Dell Hardware
I need to disable or restrict users from using "unauthorised" USB devices and CD/DVD Drives on any of our Domain computers. The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active. Is there any easy way to implement this process?
Thanks
0
Comment
Question by:healthmanagement
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 5

Accepted Solution

by:
libin_v earned 128 total points
ID: 22632853
0
 
LVL 1

Assisted Solution

by:computerguy79
computerguy79 earned 124 total points
ID: 22635111
While the Microsoft link note by Libin V is great and FREE,
here's a GUI tool you can use. its a little pricey but worth the investment. (especially if you are weary about creating custom .adm files and adding them to your AD)

I used to work in a high school enviro. where the kids made removable media my worst nightmare.

This utility allows a more micromanaged approach to individual machines rather than having to tailor it to specific OU's .

Please note one thing about the above article:
"Preference settings are hidden by default in the Group Policy template editor. When applying this template, follow these instructions to change the view settings that allow preferences to be viewed"
 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e50f1e64-d7e5-4b6d-87ff-adb3cf874365.mspx

Make sure you check this out and configure this setting or you won't see the .adm correctly and you'll be banging your head wondering why its not working.  

Good luck.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 124 total points
ID: 22645150
To disallow certain but not all usb devices using group policy you would need vista.
0
 
LVL 2

Assisted Solution

by:patrickrw
patrickrw earned 124 total points
ID: 23000693
I've used a program called device lock. Yes you must purchase the license but it works very good and allows USB keyboard's and mice to still operate correctly. It will also allow specific usb thumb drives to work based on brand/encryption type if you need that capability.

http://www.devicelock.com/dl/

There's the website with the information on the software.
Good luck!
0
 
LVL 56

Expert Comment

by:McKnife
ID: 24593792
I would like to object.
The MS article does not give an answer to the question that is really on his mind (which is different to the title as one can read in the question body) "The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active...?".
So I suggest the correct answer is: no, there is no way to do it with xp clients and MS GPOs without using third party software.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question