Windows Server 2012

Dear Experts,

In my organisation most of the users they don't have internet connection. Already through group policy  i gave deny access to usb storages for them. But some users are bringing personal usb modems & connecting their computer to that usb modem & getting access to internet.

My question is i want to block that usb modem also. how can i do it.

Please help.

Regards,

JCT
LVL 1
jct_777Asked:
Who is Participating?
 
Gajendra RathodConnect With a Mentor Sr. System AdministratorCommented:
Modem Class "4D36E96D-E325-11CE-BFC1-08002BE10318"

Go Computer Configuration | Administrative template Policy | System |Removable Storage Access.

Custom classes : Deny read access|Enable |add 4D36E96D-E325-11CE-BFC1-08002BE10318
Custom classes : Deny write access | Enable | add 4D36E96D-E325-11CE-BFC1-08002BE10318
0
 
arnoldCommented:
Make sure the policy is clearly stated and everyone is aware of it.
The  enforce the consequences when the policy violated.

Likely issue is the GPO does not apply on the system where the USB is being attached.

You could setup an internal proxy and the enforce it on the computer/user level, though it can be circumvented. Ref first paragraph.
0
 
jct_777Author Commented:
Hi ,

I did'nt understand what you meant to say. Can you please clarify once again.

Jct
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
arnoldCommented:
Tell your users that they are not allowed to connect any non hid (keyboard, mouse) USB devices. If they do, they will no longer be able/allowed, etc.
0
 
jct_777Author Commented:
Hi,

My management asked me whether we can deny the access to  USB modem through group policy to users.

Is it possible. I need to give an answer to my management.

Regards,

JCT
0
 
arnoldCommented:
You can, the issue is whether the users are allowed to install drivers which might be required.

The issue is that a person with direct access to the system could login without some GPOs applying and possibly the USB enforcement being one of those.

Symantec SEP as an example have the option to lockout devices.

If you have not setup event log forwarding, you might want to consider setting a central event log collector.  You can the detect the event ID of such a device, and ........
Get into a setup that a notification is generated.
0
 
Gajendra RathodSr. System AdministratorCommented:
Please try blocking Custom device classes in GPO.

You can block modem using device class ID.
0
 
jct_777Author Commented:
Hi ,

I am having little confusion .  can you please explain by showing an example.

Regards,

JCT
0
 
jct_777Author Commented:
Dear Gajendra_Rathod,

Thank you very much for the help. Will apply the above configuration & will also update you.

Regards,

JCT
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.