Solved

Prevent people from using USB storage drives on a domain.

Posted on 2010-11-09
6
1,214 Views
Last Modified: 2012-05-10
I am looking for a custom Group Policy to prevent people from plugging USB flash drives, portable hard drives and Media Card Readers to transfer data from and to my windows machines managed on a windows 2003 domain.

I manage 20 machines, 13 are Windows XP, 5 are Windows Seven and 2 are Windows Vista. I'm trying to setup a custom Group Policy that disables:

USB flash drives
USB portable hard drives
Removable media cards (SD, CF) or USB card readers

...without disabling document scanners or printers or any other USB devices.

I already tried...

(("Open registry and navigate to the following registry key:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\UsbStor
 
Now in the right pane, double-click Start and type 4 in the Value data box (Hexadecimal) and quite the registry editor. To enable the USB storage devices, change the Start value back to 3."))

... but I saw that it only disables portable USB hard drives, it does not disable reading from SD cards and I think it may have to be done on each machine.

Is there a problem when trying to set up group policies on a windows 2003 server to enable them on different windows clients (seven, vista and XP)?
0
Comment
Question by:carloslaso
6 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34097686
There is nothing wrong in trying it on server 2003 as long as it doesnt disrupt users. put a test machine or user in an OU create new policy link it to the OU. do gpupdate /force on client to see the immediate effetcs good luck
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 300 total points
ID: 34097770
A potentially easier, more comprehensive solution is to use a third party product like DriveLock - I have it at an attorney client I have and they like it.  Depending on who you log in as, they have the ability to copy everything they want to any USB device they want (the partners) OR they are denied access to copy the data to USB, CD, DVD, etc if they are the staff.  I believe DriveLock offers a trial and is AD based.
0
 
LVL 9

Expert Comment

by:djpazza
ID: 34097897
Here's the custom group policy you could use to block out USB and cd drives

http://support.microsoft.com/kb/555324
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:carloslaso
ID: 34099052
moon blue69: I already have a 2003 server and seven, vista and XP running, I thought that would not have been posible to implement.

leew: I like that option, I may have to try that if I don't find a custom group policy.

djpazza: I already tried that custom GP but I am having problems with the SD/CF cards
0
 
LVL 2

Assisted Solution

by:mitrum
mitrum earned 200 total points
ID: 34104787
I use  third party product called GFI EndPointSecurity  for the same, but it is not free. One free tool I tried was NetWrix USB Blocker witch provided free of charge (limited 50 managed computers) for use by organizations and individuals.
0
 
LVL 9

Expert Comment

by:djpazza
ID: 34111676
For the other devices how about this:

http://technet.microsoft.com/en-us/library/cc730808%28WS.10%29.aspx

Create a custom class based on the sd/cf guid's
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question