Solved

Restict USB devices and Windows 7

Posted on 2010-08-31
2
606 Views
Last Modified: 2012-05-10
We have a 2003 AD.  About 2/3 of our computers are XP and we have about 1/3 of Windows 7 machines.  We have GPO that restricted USB devices by denying the System and Users groups permissions to the USBSTOR.INF and .PNF.  

This worked great on XP, but we are finding it doesn't work in Windows 7.  The permissions that were set via the GPO don't even replicate to the Windows 7 machine.  For a time there I couldn't view the permissions on the INF folder.  From my research I found the administrators group has to be the owner of the file instead of the TrustedInstaller.  Using takeown /f /r /a command I've taken ownership of the WINDOWS\INF folder.  My permissions change from GPO now are set on the machine but I still can plug in USB devices.

I make sure they are removed using devmgmt.msc, but when i log on as a regular user I I can still install a USB device.  I've tried adding and denying permissions to the Authenticated Users and Domain Users groups but this doesn't do any difference.

Please help!!!!
0
Comment
Question by:ozzalot
2 Comments
 
LVL 3

Accepted Solution

by:
frogmanalien earned 500 total points
Comment Utility
WindowsVista/ 7 has tried to make it easier to restrict access to USB devices with the Hardware restrictions group policy-
http://technet.microsoft.com/en-us/magazine/2007.06.grouppolicy.aspx
- you can basically set the option "Prevent installation of removable device" via gpo (under More Hardware Restrictions in the link provided).

Hope that helps
0
 
LVL 2

Expert Comment

by:dufyd
Comment Utility
go into the group policy editor by typing gpedit.msc. Then configure Computer Configuration/Administrative Templates/System/Device Installation/Device Installation Restrictions/Prevent installation of removable devices. That should do it. :)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I recently purchased an HP EliteBook 2540p notebook/laptop. It has two video ports on it – VGA and DisplayPort. HP offers an optional docking station for the 2540p that also has both a VGA port and a DisplayPort. There are numerous online reports do…
Hi Friends, These registry tweaks will help you optimizing your Windows 7 system for any VDI. This will improve the machine performanance and can be used on normal systems also. These are few registry tweaks which will add value by enhancing the …
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now