Solved

Windows Server 2012

Posted on 2013-10-29
9
226 Views
Last Modified: 2013-11-02
Dear Experts,

In my organisation most of the users they don't have internet connection. Already through group policy  i gave deny access to usb storages for them. But some users are bringing personal usb modems & connecting their computer to that usb modem & getting access to internet.

My question is i want to block that usb modem also. how can i do it.

Please help.

Regards,

JCT
0
Comment
Question by:jct_777
  • 4
  • 3
  • 2
9 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 39610798
Make sure the policy is clearly stated and everyone is aware of it.
The  enforce the consequences when the policy violated.

Likely issue is the GPO does not apply on the system where the USB is being attached.

You could setup an internal proxy and the enforce it on the computer/user level, though it can be circumvented. Ref first paragraph.
0
 
LVL 1

Author Comment

by:jct_777
ID: 39610804
Hi ,

I did'nt understand what you meant to say. Can you please clarify once again.

Jct
0
 
LVL 77

Expert Comment

by:arnold
ID: 39611172
Tell your users that they are not allowed to connect any non hid (keyboard, mouse) USB devices. If they do, they will no longer be able/allowed, etc.
0
 
LVL 1

Author Comment

by:jct_777
ID: 39612023
Hi,

My management asked me whether we can deny the access to  USB modem through group policy to users.

Is it possible. I need to give an answer to my management.

Regards,

JCT
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 77

Expert Comment

by:arnold
ID: 39613111
You can, the issue is whether the users are allowed to install drivers which might be required.

The issue is that a person with direct access to the system could login without some GPOs applying and possibly the USB enforcement being one of those.

Symantec SEP as an example have the option to lockout devices.

If you have not setup event log forwarding, you might want to consider setting a central event log collector.  You can the detect the event ID of such a device, and ........
Get into a setup that a notification is generated.
0
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 39613413
Please try blocking Custom device classes in GPO.

You can block modem using device class ID.
0
 
LVL 1

Author Comment

by:jct_777
ID: 39613652
Hi ,

I am having little confusion .  can you please explain by showing an example.

Regards,

JCT
0
 
LVL 10

Accepted Solution

by:
Gajendra Rathod earned 500 total points
ID: 39613698
Modem Class "4D36E96D-E325-11CE-BFC1-08002BE10318"

Go Computer Configuration | Administrative template Policy | System |Removable Storage Access.

Custom classes : Deny read access|Enable |add 4D36E96D-E325-11CE-BFC1-08002BE10318
Custom classes : Deny write access | Enable | add 4D36E96D-E325-11CE-BFC1-08002BE10318
0
 
LVL 1

Author Comment

by:jct_777
ID: 39615407
Dear Gajendra_Rathod,

Thank you very much for the help. Will apply the above configuration & will also update you.

Regards,

JCT
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
File Types Dropdown box 3 25
Restricting Domain Admin Accounts 4 47
online backup for win98se 30 41
How to uninstall patches using SCCM 2012? 2 54
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Many times while working on a computer regardless of any Operating System, lag and crashes seem to creep in, hindering your working speed. Sometimes, it can also cause your work to be lost unexpectedly and as a result, you are unable to meet your de…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now