Solved

Block Usb Storage Devices

Posted on 2011-09-13
4
294 Views
Last Modified: 2012-05-12
Hello,

I am unable to fix this problem from last couple of days. I tried all the way to block USB using group policy but I am unsucceeded. Anyone help me how to fix this problem clearly(step to step procedure).

Procedure I Tried :

1) Creating OU in active directory
2) Adding users and computers to that OU
3) Go to OU properties select group policy, Under group policy click on OPEN tab to open Group Policy Management.
4) Create one Group Policy and link it to OU.
5) Right Click on that Group Policy and Edit.
6) Group Policy Object Editor screen will appears.
7) Right Click on Administrative Templates under Computer Configuration select Add/Remove Template.
8) Add .ADM file which is downloaded from Microsoft site.
9) In Group Policy Object Editor Right Click on Administrative Templates under Computer Configuration select VIEW > Filtering.
10) Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok.
11) Computer Configuration > Administrative Templates > Custom Policy Settings > Restrict Drivers, Now you will be able to see the new settings in the right pane.
12) Double Click on Disable USB Removable Drivers, Check the Enable option stopped the usbstore.sys driver option and then click on ok


After completion of this process, I login into a workstation with restricted user account , Then I inserted a usb drive in that machine USB port, But I found it is detecting.

Advice?

Maby Security settings from the gpo side?

0
Comment
Question by:Senx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:AdamJur
ID: 36532086
run gpresult from command line to tell whether the Group Policy is actually being applied.

If not listed:  run>   gpupdate /force

check gpresult again.

If the policy appears to be applied check the windows event logs to see if there were errors applying the group policy.

take that custom ADM and apply it locally instead. from your workstation, run gpedit.msc and import the adm you created. perform gpupdate /force or reboot. If this still fails then your ADM is probably configured incorrectly.

Hope this sets you in the right direction.
0
 

Author Comment

by:Senx
ID: 36910717
Yes
its still fail
0
 

Author Comment

by:Senx
ID: 36947767
There is another ideas how to deal with that issue?

thanks.
0
 
LVL 14

Accepted Solution

by:
Rob Miners earned 125 total points
ID: 37010228
See if this helps

Deploying Custom Registry Changes through Group Policy

http://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx


How can I prevent users from connecting to a USB storage device?

http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question