Solved

Prevent people from using USB storage drives on a domain.

Posted on 2010-11-09
6
1,221 Views
Last Modified: 2012-05-10
I am looking for a custom Group Policy to prevent people from plugging USB flash drives, portable hard drives and Media Card Readers to transfer data from and to my windows machines managed on a windows 2003 domain.

I manage 20 machines, 13 are Windows XP, 5 are Windows Seven and 2 are Windows Vista. I'm trying to setup a custom Group Policy that disables:

USB flash drives
USB portable hard drives
Removable media cards (SD, CF) or USB card readers

...without disabling document scanners or printers or any other USB devices.

I already tried...

(("Open registry and navigate to the following registry key:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\UsbStor
 
Now in the right pane, double-click Start and type 4 in the Value data box (Hexadecimal) and quite the registry editor. To enable the USB storage devices, change the Start value back to 3."))

... but I saw that it only disables portable USB hard drives, it does not disable reading from SD cards and I think it may have to be done on each machine.

Is there a problem when trying to set up group policies on a windows 2003 server to enable them on different windows clients (seven, vista and XP)?
0
Comment
Question by:carloslaso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34097686
There is nothing wrong in trying it on server 2003 as long as it doesnt disrupt users. put a test machine or user in an OU create new policy link it to the OU. do gpupdate /force on client to see the immediate effetcs good luck
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 300 total points
ID: 34097770
A potentially easier, more comprehensive solution is to use a third party product like DriveLock - I have it at an attorney client I have and they like it.  Depending on who you log in as, they have the ability to copy everything they want to any USB device they want (the partners) OR they are denied access to copy the data to USB, CD, DVD, etc if they are the staff.  I believe DriveLock offers a trial and is AD based.
0
 
LVL 9

Expert Comment

by:djpazza
ID: 34097897
Here's the custom group policy you could use to block out USB and cd drives

http://support.microsoft.com/kb/555324
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:carloslaso
ID: 34099052
moon blue69: I already have a 2003 server and seven, vista and XP running, I thought that would not have been posible to implement.

leew: I like that option, I may have to try that if I don't find a custom group policy.

djpazza: I already tried that custom GP but I am having problems with the SD/CF cards
0
 
LVL 2

Assisted Solution

by:mitrum
mitrum earned 200 total points
ID: 34104787
I use  third party product called GFI EndPointSecurity  for the same, but it is not free. One free tool I tried was NetWrix USB Blocker witch provided free of charge (limited 50 managed computers) for use by organizations and individuals.
0
 
LVL 9

Expert Comment

by:djpazza
ID: 34111676
For the other devices how about this:

http://technet.microsoft.com/en-us/library/cc730808%28WS.10%29.aspx

Create a custom class based on the sd/cf guid's
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Learn about cloud computing and its benefits for small business owners.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question