Solved

Is it possible to lock down USB ports and CD/DVD drives using Microsft Group Policy?

Posted on 2008-10-03
8
1,400 Views
Last Modified: 2012-05-05
Hi
Environment is: Windows Server 2003, XP Pro workstations, Dell Hardware
I need to disable or restrict users from using "unauthorised" USB devices and CD/DVD Drives on any of our Domain computers. The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active. Is there any easy way to implement this process?
Thanks
0
Comment
Question by:healthmanagement
8 Comments
 
LVL 5

Accepted Solution

by:
libin_v earned 32 total points
ID: 22632853
0
 
LVL 1

Assisted Solution

by:computerguy79
computerguy79 earned 31 total points
ID: 22635111
While the Microsoft link note by Libin V is great and FREE,
here's a GUI tool you can use. its a little pricey but worth the investment. (especially if you are weary about creating custom .adm files and adding them to your AD)

I used to work in a high school enviro. where the kids made removable media my worst nightmare.

This utility allows a more micromanaged approach to individual machines rather than having to tailor it to specific OU's .

Please note one thing about the above article:
"Preference settings are hidden by default in the Group Policy template editor. When applying this template, follow these instructions to change the view settings that allow preferences to be viewed"
 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e50f1e64-d7e5-4b6d-87ff-adb3cf874365.mspx

Make sure you check this out and configure this setting or you won't see the .adm correctly and you'll be banging your head wondering why its not working.  

Good luck.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 31 total points
ID: 22645150
To disallow certain but not all usb devices using group policy you would need vista.
0
 
LVL 2

Assisted Solution

by:patrickrw
patrickrw earned 31 total points
ID: 23000693
I've used a program called device lock. Yes you must purchase the license but it works very good and allows USB keyboard's and mice to still operate correctly. It will also allow specific usb thumb drives to work based on brand/encryption type if you need that capability.

http://www.devicelock.com/dl/

There's the website with the information on the software.
Good luck!
0
 
LVL 53

Expert Comment

by:McKnife
ID: 24593792
I would like to object.
The MS article does not give an answer to the question that is really on his mind (which is different to the title as one can read in the question body) "The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active...?".
So I suggest the correct answer is: no, there is no way to do it with xp clients and MS GPOs without using third party software.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now