USB restriction for non admin users
Posted on 2009-04-02
I have been working on a business need to disable some specefic USB devices for users , the case is that we need to prevent users from connecting their personal USB wireless devices / pen drives ,etc.. Except for the ones admin users install for them , we do not need to disable USB devices all in all , I can do that using GPO or by editing the registry without issues, we need to limit the USB devices to only the ones that are already installed, however the issue here is that when users try to connect a USB wireless device of the same brand that the Admin has previously installed, the device will work without issue,since an admin user has already installed the driver previously , my question is :-
- Is there a possible way to deny activating the device if this particular device was not installed before ?
- What exactly are the device driver file names for Wireless USB Connect cards / 3g Wireless devices ?
- Is there any freeware tool that can acheive this as well ? (restrict installing USB devices other than the ones already isntalled based on Device ID or Mac address maybe ?)
I had an idea which is to use NTFS permissions to Deny everyone access on the File USBSTOR.SYS & USBSTOR.PNF located under C:\windows\system32\drivers
I had an idea that windows will try to obtain the driver from that location when a device is connected for the first time, and will use the same driver from Dllcache folder , this did not do the trick, thanks in advance for your time & assistance