Solved

How to block Active Directory users from copying, exporting to external media?

Posted on 2008-10-07
6
332 Views
Last Modified: 2012-05-05
Hello Experts! I need to block users in a specific Active Directory Container (SBS 2003) from Domain desktops to External Media (Flash Drives, CD's/DVD's). I know disabling right click is straighforward enough. Had a few ideas. One, block all drives except sanctioned mapped drives. Need to know if that is possible or if there is a simpler solution.
0
Comment
Question by:nikdonovanau
6 Comments
 

Expert Comment

by:xprog
ID: 22659229
we use device lock
http://www.devicelock.com/

Works well
0
 
LVL 4

Accepted Solution

by:
lscapa earned 200 total points
ID: 22659272
You can use a GP to disable the drives except for C: from showing up in my computer or being usable. If you want to disable all USB disk systems this is a great artical on how...
http://www.petri.co.il/disable_usb_disks_with_gpo.htm
 
0
 
LVL 8

Assisted Solution

by:rjwesley
rjwesley earned 50 total points
ID: 22659280
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 4

Assisted Solution

by:lscapa
lscapa earned 200 total points
ID: 22659294
http://support.microsoft.com/default.aspx?scid=kb;en-us;555324
Includes the code for creating the custom adm file that can be uploaded to the GP... this will take care of both.
0
 
LVL 4

Expert Comment

by:lscapa
ID: 22659295
nice post rj I had to go find it again.. lol
0
 
LVL 1

Author Closing Comment

by:nikdonovanau
ID: 31503826
Cheers guys, I ended up going for the idiot guide. As always, experts indeed!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now