• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1414
  • Last Modified:

Is it possible to lock down USB ports and CD/DVD drives using Microsft Group Policy?

Hi
Environment is: Windows Server 2003, XP Pro workstations, Dell Hardware
I need to disable or restrict users from using "unauthorised" USB devices and CD/DVD Drives on any of our Domain computers. The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active. Is there any easy way to implement this process?
Thanks
0
healthmanagement
Asked:
healthmanagement
4 Solutions
 
libin_vCommented:
0
 
computerguy79Commented:
While the Microsoft link note by Libin V is great and FREE,
here's a GUI tool you can use. its a little pricey but worth the investment. (especially if you are weary about creating custom .adm files and adding them to your AD)

I used to work in a high school enviro. where the kids made removable media my worst nightmare.

This utility allows a more micromanaged approach to individual machines rather than having to tailor it to specific OU's .

Please note one thing about the above article:
"Preference settings are hidden by default in the Group Policy template editor. When applying this template, follow these instructions to change the view settings that allow preferences to be viewed"
 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e50f1e64-d7e5-4b6d-87ff-adb3cf874365.mspx

Make sure you check this out and configure this setting or you won't see the .adm correctly and you'll be banging your head wondering why its not working.  

Good luck.
0
 
McKnifeCommented:
To disallow certain but not all usb devices using group policy you would need vista.
0
 
patrickrwCommented:
I've used a program called device lock. Yes you must purchase the license but it works very good and allows USB keyboard's and mice to still operate correctly. It will also allow specific usb thumb drives to work based on brand/encryption type if you need that capability.

http://www.devicelock.com/dl/

There's the website with the information on the software.
Good luck!
0
 
McKnifeCommented:
I would like to object.
The MS article does not give an answer to the question that is really on his mind (which is different to the title as one can read in the question body) "The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active...?".
So I suggest the correct answer is: no, there is no way to do it with xp clients and MS GPOs without using third party software.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now