?
Solved

Restict USB devices and Windows 7

Posted on 2010-08-31
2
Medium Priority
?
618 Views
Last Modified: 2012-05-10
We have a 2003 AD.  About 2/3 of our computers are XP and we have about 1/3 of Windows 7 machines.  We have GPO that restricted USB devices by denying the System and Users groups permissions to the USBSTOR.INF and .PNF.  

This worked great on XP, but we are finding it doesn't work in Windows 7.  The permissions that were set via the GPO don't even replicate to the Windows 7 machine.  For a time there I couldn't view the permissions on the INF folder.  From my research I found the administrators group has to be the owner of the file instead of the TrustedInstaller.  Using takeown /f /r /a command I've taken ownership of the WINDOWS\INF folder.  My permissions change from GPO now are set on the machine but I still can plug in USB devices.

I make sure they are removed using devmgmt.msc, but when i log on as a regular user I I can still install a USB device.  I've tried adding and denying permissions to the Authenticated Users and Domain Users groups but this doesn't do any difference.

Please help!!!!
0
Comment
Question by:ozzalot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Accepted Solution

by:
frogmanalien earned 2000 total points
ID: 33570052
WindowsVista/ 7 has tried to make it easier to restrict access to USB devices with the Hardware restrictions group policy-
http://technet.microsoft.com/en-us/magazine/2007.06.grouppolicy.aspx
- you can basically set the option "Prevent installation of removable device" via gpo (under More Hardware Restrictions in the link provided).

Hope that helps
0
 
LVL 2

Expert Comment

by:dufyd
ID: 33571187
go into the group policy editor by typing gpedit.msc. Then configure Computer Configuration/Administrative Templates/System/Device Installation/Device Installation Restrictions/Prevent installation of removable devices. That should do it. :)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this o…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Suggested Courses
Course of the Month11 days, 18 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question