Solved

Is it possible to lock down USB ports and CD/DVD drives using Microsft Group Policy?

Posted on 2008-10-03
8
1,403 Views
Last Modified: 2012-05-05
Hi
Environment is: Windows Server 2003, XP Pro workstations, Dell Hardware
I need to disable or restrict users from using "unauthorised" USB devices and CD/DVD Drives on any of our Domain computers. The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active. Is there any easy way to implement this process?
Thanks
0
Comment
Question by:healthmanagement
8 Comments
 
LVL 5

Accepted Solution

by:
libin_v earned 32 total points
ID: 22632853
0
 
LVL 1

Assisted Solution

by:computerguy79
computerguy79 earned 31 total points
ID: 22635111
While the Microsoft link note by Libin V is great and FREE,
here's a GUI tool you can use. its a little pricey but worth the investment. (especially if you are weary about creating custom .adm files and adding them to your AD)

I used to work in a high school enviro. where the kids made removable media my worst nightmare.

This utility allows a more micromanaged approach to individual machines rather than having to tailor it to specific OU's .

Please note one thing about the above article:
"Preference settings are hidden by default in the Group Policy template editor. When applying this template, follow these instructions to change the view settings that allow preferences to be viewed"
 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e50f1e64-d7e5-4b6d-87ff-adb3cf874365.mspx

Make sure you check this out and configure this setting or you won't see the .adm correctly and you'll be banging your head wondering why its not working.  

Good luck.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 31 total points
ID: 22645150
To disallow certain but not all usb devices using group policy you would need vista.
0
 
LVL 2

Assisted Solution

by:patrickrw
patrickrw earned 31 total points
ID: 23000693
I've used a program called device lock. Yes you must purchase the license but it works very good and allows USB keyboard's and mice to still operate correctly. It will also allow specific usb thumb drives to work based on brand/encryption type if you need that capability.

http://www.devicelock.com/dl/

There's the website with the information on the software.
Good luck!
0
 
LVL 54

Expert Comment

by:McKnife
ID: 24593792
I would like to object.
The MS article does not give an answer to the question that is really on his mind (which is different to the title as one can read in the question body) "The PC's currently have USB connections to Keyboards, printers and mice, so I am obviously keen to keep these active...?".
So I suggest the correct answer is: no, there is no way to do it with xp clients and MS GPOs without using third party software.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question