Organisation Security

Is there a way or program to block user frm using USB/DVD to theft away the data or to avoid virus spreading from USB pendrive?
I knew by using 2008 AD policy, it can be done, but when user bring their notebook back to home, nothing can be controlled.
How to have a strict organisation security?
swpuiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MuraliCommented:
you can disable at registry level for all the computers in a domain...

You just need to change the following registry key to any other value (less)...

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start

By default is 4.. which means the removable devices are read and write.. you can change to 1.

It disables the flash devices..

You can experiment on any computer.. Good luck
0
swpuiAuthor Commented:
tried before, sometimes it will auto enable the flash drive when u use a new one
0
MuraliCommented:
yes.. by default it will 4.. means that it is enabled...
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

ChrisCommented:
you can use all the GPO settings to disable removable storage and hide the drives letter (using group policy preferences)

You can also get 3rd party products like lumension that will control registered USB devices. this will enable you to control whether they are at home or on the corporate LAN. this is probably the path you want to go down as this means you can control which USB sticks can be used and what for.

when you say bring their notebooks back i presume you are still talking about corporate notebooks.
0
swpuiAuthor Commented:
I mean after I set to 1, I tested with flashdiskA, it was blocked. Later i test with flashdiskB, it can be read and I checked the regedit, it auto changed to 4.
0
MuraliCommented:
can try set it to 3
0
ChrisCommented:
have you tried using the group policy settings

Computer configuration\administrative templates\system\removable storage access

set these to disabled

also the same location for user configuration
0
Y-ITCommented:
Hello dear,

have you tried to use a Device Control program such Symantec EndPoint Protection that will enable you to block Device in general or by ID.

there are a lot of companies in market providing Device control Solution which enable you to control devices which is allowed and which is not.
0
swpuiAuthor Commented:
If I have an XP pc, it can't be controlled using AD group policy setting
0
ChrisCommented:
you can try this custom ADM that was published by Petri

http://www.petri.co.il/disable_usb_disks_with_gpo.htm

failing that you are best off heading down the 3rd party product
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
swpuiAuthor Commented:
This is not working in XP environment!
0
swpuiAuthor Commented:
not really good
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.