Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

what is the best way to disable USB on the network using GPO

Posted on 2011-04-20
7
Medium Priority
?
519 Views
Last Modified: 2012-05-11
Hello Experts.

I want to disable the using of flash drives and disk on keys on my network.
I know that the best way to do this is using GPO.
So i want to know the proper configuration to the GPO.
My DC is server 2008 and the client PC's is windows 7.

Thanks.
0
Comment
Question by:IT_Group1
7 Comments
 
LVL 12

Expert Comment

by:enachemc
ID: 35438513
you know that certain internal hardware is linked to USB ? for example bluetooth
do you want to disable USB Mice ?
0
 

Author Comment

by:IT_Group1
ID: 35438629
Hi enachemc

no i just want to disable mass storage devices and portable flash drives
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35438694
The best way to do this would be to remove the ability to install new hardware from all unprivileged accounts. This give you the ability to stop users from connecting not just USB storage devices, but any new HW as it won't allow installation.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:IT_Group1
ID: 35438759
Hi Chev_PCN

can you give me a brief on how to do this ?
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35438794
In your GMP console:
Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.
Limit the "Load and unload device drivers" to administrator groups only.
0
 
LVL 5

Accepted Solution

by:
SaadAhmedFarooqui earned 2000 total points
ID: 35438931
You can disable USB storage device from group policy. You will need to extend the group policy by importing an administrative template, then the setting to disable usb storage devices will be aavailable just like other settings.

The settings ar available form microsoft from the following link:

http://support.microsoft.com/kb/555324
0
 

Author Closing Comment

by:IT_Group1
ID: 35715359
Thx
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question