[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Restict USB devices and Windows 7

Posted on 2010-08-31
2
Medium Priority
?
622 Views
Last Modified: 2012-05-10
We have a 2003 AD.  About 2/3 of our computers are XP and we have about 1/3 of Windows 7 machines.  We have GPO that restricted USB devices by denying the System and Users groups permissions to the USBSTOR.INF and .PNF.  

This worked great on XP, but we are finding it doesn't work in Windows 7.  The permissions that were set via the GPO don't even replicate to the Windows 7 machine.  For a time there I couldn't view the permissions on the INF folder.  From my research I found the administrators group has to be the owner of the file instead of the TrustedInstaller.  Using takeown /f /r /a command I've taken ownership of the WINDOWS\INF folder.  My permissions change from GPO now are set on the machine but I still can plug in USB devices.

I make sure they are removed using devmgmt.msc, but when i log on as a regular user I I can still install a USB device.  I've tried adding and denying permissions to the Authenticated Users and Domain Users groups but this doesn't do any difference.

Please help!!!!
0
Comment
Question by:ozzalot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Accepted Solution

by:
frogmanalien earned 2000 total points
ID: 33570052
WindowsVista/ 7 has tried to make it easier to restrict access to USB devices with the Hardware restrictions group policy-
http://technet.microsoft.com/en-us/magazine/2007.06.grouppolicy.aspx
- you can basically set the option "Prevent installation of removable device" via gpo (under More Hardware Restrictions in the link provided).

Hope that helps
0
 
LVL 2

Expert Comment

by:dufyd
ID: 33571187
go into the group policy editor by typing gpedit.msc. Then configure Computer Configuration/Administrative Templates/System/Device Installation/Device Installation Restrictions/Prevent installation of removable devices. That should do it. :)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question