We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

restrict usb ports for storage devices

Medium Priority
955 Views
Last Modified: 2012-06-21
hi

i want to restrict users from accessing usb storage devices from there systems.  we have windows server 2003 domain and windows 2000, xp, vista clients. i got the links how to restrict in workstation as well as in domain through group policies. i am able to do in workstation but i am unable to do it in domain level.

the links are:

http://www.petri.co.il/disable_usb_disks_with_gpo.htm

http://www.petri.co.il/forums/showthread.php?t=3299

please help me.
Comment
Watch Question

Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
I would create a new Group Policy at domain level as well and avoid using the existing one as well. You have a better view of your organization's policies that way and it is best practice to avoid putting everything under default policy.

Commented:
If you're trying to restrict the use of the USB drive entirely, then why not just disable it in the BIOS of the workstation, setup a password for system changes prior to deployment to the end user and then just be done with it.

Author

Commented:
if i disable in BIOS i cant use usb keyboard, mouse and any other USB input devices.

i did all the things as in pretri link. but its not working in domain level.

please help me.
Always have a test OU with test computer and user in place in your AD and ALWAYS test new policies before pushing them to live environment.

Can you please create a test OU, apply the policy there and try ?

Did you use gpupdate/force? computers need to restart to take new policies if the command is not run.
Have you waited for DC replication?
Policies take some time to apply.

Run gpupdate/force amd then gpresult  to view which policies are applied on a client where the policy was applied.

Author

Commented:
i created test OU and computer and user.
i applied group policy settings and i used gpupdate /force
i have only one DC.

when i am checking for gpresult its not showing the group policy i applied to the OU.

i did the below way:
OU --- properties --- group policy ---- edit --- changed the settings and closed all the windows
gpupdate /forece i used and i tried with the user who's the member of that OU. but its not working. i restarted the client. i logged into the machine before restart and after restart also but no result.


i didnt see the policy name in the list when i used guresult.


Can you test if it is ok in  GPMC? To check if a policy has been applied to a user or computer is to use the gp management console to create a rsop (resultant set of policy) report using the GP Results Wizard for the specific user or computer.

Here is a nice guide to test policies with gpmc and rsop :)

http://windows-secure.net/Addison.Wesley-Windows.Server/0321305019/ch09lev1sec1.html

Let us know who it goes  ^^ and if u get errors.
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Commented:
What is the make/model (brand name) of the workstation, or do you have multiple different systems?
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.