Solved

Restict USB devices and Windows 7

Posted on 2010-08-31
2
608 Views
Last Modified: 2012-05-10
We have a 2003 AD.  About 2/3 of our computers are XP and we have about 1/3 of Windows 7 machines.  We have GPO that restricted USB devices by denying the System and Users groups permissions to the USBSTOR.INF and .PNF.  

This worked great on XP, but we are finding it doesn't work in Windows 7.  The permissions that were set via the GPO don't even replicate to the Windows 7 machine.  For a time there I couldn't view the permissions on the INF folder.  From my research I found the administrators group has to be the owner of the file instead of the TrustedInstaller.  Using takeown /f /r /a command I've taken ownership of the WINDOWS\INF folder.  My permissions change from GPO now are set on the machine but I still can plug in USB devices.

I make sure they are removed using devmgmt.msc, but when i log on as a regular user I I can still install a USB device.  I've tried adding and denying permissions to the Authenticated Users and Domain Users groups but this doesn't do any difference.

Please help!!!!
0
Comment
Question by:ozzalot
2 Comments
 
LVL 3

Accepted Solution

by:
frogmanalien earned 500 total points
ID: 33570052
WindowsVista/ 7 has tried to make it easier to restrict access to USB devices with the Hardware restrictions group policy-
http://technet.microsoft.com/en-us/magazine/2007.06.grouppolicy.aspx
- you can basically set the option "Prevent installation of removable device" via gpo (under More Hardware Restrictions in the link provided).

Hope that helps
0
 
LVL 2

Expert Comment

by:dufyd
ID: 33571187
go into the group policy editor by typing gpedit.msc. Then configure Computer Configuration/Administrative Templates/System/Device Installation/Device Installation Restrictions/Prevent installation of removable devices. That should do it. :)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question