?
Solved

Organisation Security

Posted on 2012-03-30
12
Medium Priority
?
171 Views
Last Modified: 2013-10-21
Is there a way or program to block user frm using USB/DVD to theft away the data or to avoid virus spreading from USB pendrive?
I knew by using 2008 AD policy, it can be done, but when user bring their notebook back to home, nothing can be controlled.
How to have a strict organisation security?
0
Comment
Question by:swpui
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +1
12 Comments
 
LVL 10

Expert Comment

by:Murali
ID: 37785963
you can disable at registry level for all the computers in a domain...

You just need to change the following registry key to any other value (less)...

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start

By default is 4.. which means the removable devices are read and write.. you can change to 1.

It disables the flash devices..

You can experiment on any computer.. Good luck
0
 

Author Comment

by:swpui
ID: 37786003
tried before, sometimes it will auto enable the flash drive when u use a new one
0
 
LVL 10

Expert Comment

by:Murali
ID: 37786102
yes.. by default it will 4.. means that it is enabled...
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 18

Expert Comment

by:irweazelwallis
ID: 37786260
you can use all the GPO settings to disable removable storage and hide the drives letter (using group policy preferences)

You can also get 3rd party products like lumension that will control registered USB devices. this will enable you to control whether they are at home or on the corporate LAN. this is probably the path you want to go down as this means you can control which USB sticks can be used and what for.

when you say bring their notebooks back i presume you are still talking about corporate notebooks.
0
 

Author Comment

by:swpui
ID: 37786274
I mean after I set to 1, I tested with flashdiskA, it was blocked. Later i test with flashdiskB, it can be read and I checked the regedit, it auto changed to 4.
0
 
LVL 10

Expert Comment

by:Murali
ID: 37786375
can try set it to 3
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 37786440
have you tried using the group policy settings

Computer configuration\administrative templates\system\removable storage access

set these to disabled

also the same location for user configuration
0
 

Expert Comment

by:Y-IT
ID: 37790661
Hello dear,

have you tried to use a Device Control program such Symantec EndPoint Protection that will enable you to block Device in general or by ID.

there are a lot of companies in market providing Device control Solution which enable you to control devices which is allowed and which is not.
0
 

Author Comment

by:swpui
ID: 37794365
If I have an XP pc, it can't be controlled using AD group policy setting
0
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 1000 total points
ID: 37794915
you can try this custom ADM that was published by Petri

http://www.petri.co.il/disable_usb_disks_with_gpo.htm

failing that you are best off heading down the 3rd party product
0
 

Author Comment

by:swpui
ID: 37853963
This is not working in XP environment!
0
 

Author Closing Comment

by:swpui
ID: 39587104
not really good
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question