ashdennis
asked on
Block USB mass storage via GPO
Can someone guide me how to create a GPO to block specific users from using USB mass storage devices on windows active directory computers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
A lot depends on what version of Server OS you have
This Article should help
http://social.technet.microsoft.com/Forums/windowsserver/en-US/5e10c51a-5d58-4648-8779-aec402efd567/disable-usb-mass-storage-through-gp-across-windows-7-xp-but-usb-keyboard-mouse-should
This Article should help
http://social.technet.microsoft.com/Forums/windowsserver/en-US/5e10c51a-5d58-4648-8779-aec402efd567/disable-usb-mass-storage-through-gp-across-windows-7-xp-but-usb-keyboard-mouse-should
this question is already answered in EE. See below link for the same.
https://www.experts-exchange.com/questions/28088854/Restricted-USB-Using-Group-Policy.html
https://www.experts-exchange.com/questions/28088854/Restricted-USB-Using-Group-Policy.html
Pretty simple really.
In the GPO go to the following:
Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access
You can Deny read and write access in there. You also might want to consider disabling autoplay also. This rule applies to all removable like external HD's, Flash drives, phone storage etc.
In the GPO go to the following:
Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access
You can Deny read and write access in there. You also might want to consider disabling autoplay also. This rule applies to all removable like external HD's, Flash drives, phone storage etc.
Take a look at this technet as it illustrates how to accomplish this using Group Policy or Group Policy Preferences. (screenshots included).
http://blogs.technet.com/b/danstolts/archive/2009/01/21/disable-adding-usb-drive-and-memory-sticks-via-group-policy-and-group-policy-preferences.aspx
Will.
http://blogs.technet.com/b/danstolts/archive/2009/01/21/disable-adding-usb-drive-and-memory-sticks-via-group-policy-and-group-policy-preferences.aspx
Will.
ASKER
Interesting, got it work by applying it to myself as a test. however when I remove myself from the GPO it does not restore the feature. BTW the link to www.petri.co.il was most helpful.
For some GPOs they won't go away unless you specify the opposite option (disable instead of enable, for example). THe image http://www.petri.co.il/images/disable_usb_disks_1.gif shows it about to mention how to re-enable it but it gets cut off and I can't check it at the moment. If you read the description of the GPO it should have the details on how to re-enable it.
ASKER
Thanks all, WMI filtering, can you share a link how to?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open GPMC – User configuration – Policy – Administrative template – System – Removable storage Access.
Enable deny Read/Write Access.
http://www.petri.co.il/disable_usb_disks_with_gpo.htm#