Solved

Windows Server 2012

Posted on 2013-10-29
9
233 Views
Last Modified: 2013-11-02
Dear Experts,

In my organisation most of the users they don't have internet connection. Already through group policy  i gave deny access to usb storages for them. But some users are bringing personal usb modems & connecting their computer to that usb modem & getting access to internet.

My question is i want to block that usb modem also. how can i do it.

Please help.

Regards,

JCT
0
Comment
Question by:jct_777
  • 4
  • 3
  • 2
9 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 39610798
Make sure the policy is clearly stated and everyone is aware of it.
The  enforce the consequences when the policy violated.

Likely issue is the GPO does not apply on the system where the USB is being attached.

You could setup an internal proxy and the enforce it on the computer/user level, though it can be circumvented. Ref first paragraph.
0
 
LVL 1

Author Comment

by:jct_777
ID: 39610804
Hi ,

I did'nt understand what you meant to say. Can you please clarify once again.

Jct
0
 
LVL 77

Expert Comment

by:arnold
ID: 39611172
Tell your users that they are not allowed to connect any non hid (keyboard, mouse) USB devices. If they do, they will no longer be able/allowed, etc.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 1

Author Comment

by:jct_777
ID: 39612023
Hi,

My management asked me whether we can deny the access to  USB modem through group policy to users.

Is it possible. I need to give an answer to my management.

Regards,

JCT
0
 
LVL 77

Expert Comment

by:arnold
ID: 39613111
You can, the issue is whether the users are allowed to install drivers which might be required.

The issue is that a person with direct access to the system could login without some GPOs applying and possibly the USB enforcement being one of those.

Symantec SEP as an example have the option to lockout devices.

If you have not setup event log forwarding, you might want to consider setting a central event log collector.  You can the detect the event ID of such a device, and ........
Get into a setup that a notification is generated.
0
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 39613413
Please try blocking Custom device classes in GPO.

You can block modem using device class ID.
0
 
LVL 1

Author Comment

by:jct_777
ID: 39613652
Hi ,

I am having little confusion .  can you please explain by showing an example.

Regards,

JCT
0
 
LVL 10

Accepted Solution

by:
Gajendra Rathod earned 500 total points
ID: 39613698
Modem Class "4D36E96D-E325-11CE-BFC1-08002BE10318"

Go Computer Configuration | Administrative template Policy | System |Removable Storage Access.

Custom classes : Deny read access|Enable |add 4D36E96D-E325-11CE-BFC1-08002BE10318
Custom classes : Deny write access | Enable | add 4D36E96D-E325-11CE-BFC1-08002BE10318
0
 
LVL 1

Author Comment

by:jct_777
ID: 39615407
Dear Gajendra_Rathod,

Thank you very much for the help. Will apply the above configuration & will also update you.

Regards,

JCT
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My purpose is to describe the basic concepts of virtual memory as implemented in a modern Windows-based operating system. I will also describe the problems inherent in older systems and how virtual memory solves them. The dark ages - before virtu…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question