• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 648
  • Last Modified:

Restict USB devices and Windows 7

We have a 2003 AD.  About 2/3 of our computers are XP and we have about 1/3 of Windows 7 machines.  We have GPO that restricted USB devices by denying the System and Users groups permissions to the USBSTOR.INF and .PNF.  

This worked great on XP, but we are finding it doesn't work in Windows 7.  The permissions that were set via the GPO don't even replicate to the Windows 7 machine.  For a time there I couldn't view the permissions on the INF folder.  From my research I found the administrators group has to be the owner of the file instead of the TrustedInstaller.  Using takeown /f /r /a command I've taken ownership of the WINDOWS\INF folder.  My permissions change from GPO now are set on the machine but I still can plug in USB devices.

I make sure they are removed using devmgmt.msc, but when i log on as a regular user I I can still install a USB device.  I've tried adding and denying permissions to the Authenticated Users and Domain Users groups but this doesn't do any difference.

Please help!!!!
0
ozzalot
Asked:
ozzalot
1 Solution
 
frogmanalienCommented:
WindowsVista/ 7 has tried to make it easier to restrict access to USB devices with the Hardware restrictions group policy-
http://technet.microsoft.com/en-us/magazine/2007.06.grouppolicy.aspx
- you can basically set the option "Prevent installation of removable device" via gpo (under More Hardware Restrictions in the link provided).

Hope that helps
0
 
dufydCommented:
go into the group policy editor by typing gpedit.msc. Then configure Computer Configuration/Administrative Templates/System/Device Installation/Device Installation Restrictions/Prevent installation of removable devices. That should do it. :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now