Solved

Block Usb Storage Devices

Posted on 2011-09-13
4
288 Views
Last Modified: 2012-05-12
Hello,

I am unable to fix this problem from last couple of days. I tried all the way to block USB using group policy but I am unsucceeded. Anyone help me how to fix this problem clearly(step to step procedure).

Procedure I Tried :

1) Creating OU in active directory
2) Adding users and computers to that OU
3) Go to OU properties select group policy, Under group policy click on OPEN tab to open Group Policy Management.
4) Create one Group Policy and link it to OU.
5) Right Click on that Group Policy and Edit.
6) Group Policy Object Editor screen will appears.
7) Right Click on Administrative Templates under Computer Configuration select Add/Remove Template.
8) Add .ADM file which is downloaded from Microsoft site.
9) In Group Policy Object Editor Right Click on Administrative Templates under Computer Configuration select VIEW > Filtering.
10) Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok.
11) Computer Configuration > Administrative Templates > Custom Policy Settings > Restrict Drivers, Now you will be able to see the new settings in the right pane.
12) Double Click on Disable USB Removable Drivers, Check the Enable option stopped the usbstore.sys driver option and then click on ok


After completion of this process, I login into a workstation with restricted user account , Then I inserted a usb drive in that machine USB port, But I found it is detecting.

Advice?

Maby Security settings from the gpo side?

0
Comment
Question by:Senx
  • 2
4 Comments
 
LVL 5

Expert Comment

by:AdamJur
ID: 36532086
run gpresult from command line to tell whether the Group Policy is actually being applied.

If not listed:  run>   gpupdate /force

check gpresult again.

If the policy appears to be applied check the windows event logs to see if there were errors applying the group policy.

take that custom ADM and apply it locally instead. from your workstation, run gpedit.msc and import the adm you created. perform gpupdate /force or reboot. If this still fails then your ADM is probably configured incorrectly.

Hope this sets you in the right direction.
0
 

Author Comment

by:Senx
ID: 36910717
Yes
its still fail
0
 

Author Comment

by:Senx
ID: 36947767
There is another ideas how to deal with that issue?

thanks.
0
 
LVL 14

Accepted Solution

by:
Rob Miners earned 125 total points
ID: 37010228
See if this helps

Deploying Custom Registry Changes through Group Policy

http://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx


How can I prevent users from connecting to a USB storage device?

http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now