swpui
asked on
Organisation Security
Is there a way or program to block user frm using USB/DVD to theft away the data or to avoid virus spreading from USB pendrive?
I knew by using 2008 AD policy, it can be done, but when user bring their notebook back to home, nothing can be controlled.
How to have a strict organisation security?
I knew by using 2008 AD policy, it can be done, but when user bring their notebook back to home, nothing can be controlled.
How to have a strict organisation security?
ASKER
tried before, sometimes it will auto enable the flash drive when u use a new one
yes.. by default it will 4.. means that it is enabled...
you can use all the GPO settings to disable removable storage and hide the drives letter (using group policy preferences)
You can also get 3rd party products like lumension that will control registered USB devices. this will enable you to control whether they are at home or on the corporate LAN. this is probably the path you want to go down as this means you can control which USB sticks can be used and what for.
when you say bring their notebooks back i presume you are still talking about corporate notebooks.
You can also get 3rd party products like lumension that will control registered USB devices. this will enable you to control whether they are at home or on the corporate LAN. this is probably the path you want to go down as this means you can control which USB sticks can be used and what for.
when you say bring their notebooks back i presume you are still talking about corporate notebooks.
ASKER
I mean after I set to 1, I tested with flashdiskA, it was blocked. Later i test with flashdiskB, it can be read and I checked the regedit, it auto changed to 4.
can try set it to 3
have you tried using the group policy settings
Computer configuration\administrati ve templates\system\removable storage access
set these to disabled
also the same location for user configuration
Computer configuration\administrati
set these to disabled
also the same location for user configuration
Hello dear,
have you tried to use a Device Control program such Symantec EndPoint Protection that will enable you to block Device in general or by ID.
there are a lot of companies in market providing Device control Solution which enable you to control devices which is allowed and which is not.
have you tried to use a Device Control program such Symantec EndPoint Protection that will enable you to block Device in general or by ID.
there are a lot of companies in market providing Device control Solution which enable you to control devices which is allowed and which is not.
ASKER
If I have an XP pc, it can't be controlled using AD group policy setting
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is not working in XP environment!
ASKER
not really good
You just need to change the following registry key to any other value (less)...
HKEY_LOCAL_MACHINE\SYSTEM\
By default is 4.. which means the removable devices are read and write.. you can change to 1.
It disables the flash devices..
You can experiment on any computer.. Good luck