I have got a client who have locked down their machines to stop users from accessing\copying files to removable storage devices such as CD/DVD-R's, USB Sticks, Floppy Drives basically they have went the whole way and locked down everything. The good news is this work's and now no one is able to access any removable storage, unfortunately there are a group of user's who require access to save, move, copy documents to and from removable storage.
They have disabled the Removable drives via GPO using the following article:
They have created two GPO's one for Disabling the Removable Storage and one for Enabling Removable Storage. I have ensured that the GPO for Enabling Removable Storage is applied to the machine after the one to Disable the storage.
Each GPO is set to only apply to a certain group either "Disable Removable Storage" which most users are a member of or "Enable Removable Storage" which only has the privileged users.
I have doubled checked the Enable Removable Devices GPO to ensure that the services have been started for each of the devices that should be accessed.
On each machined the Removable Storage Driver is stopped in services and I can't start it as I keep getting a "Code 5 unable to start this service because you do not have permissions" error.
If I run a gpresult on each machine I can see the user has had the Enable Removable Storage Policy applied. But they can't access anything.
Users are not members of any special groups on the workstation just "users"
Can someone please help me with this?
Many thanks in advance