Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows Server 2012

Posted on 2013-10-29
9
Medium Priority
?
245 Views
Last Modified: 2013-11-02
Dear Experts,

In my organisation most of the users they don't have internet connection. Already through group policy  i gave deny access to usb storages for them. But some users are bringing personal usb modems & connecting their computer to that usb modem & getting access to internet.

My question is i want to block that usb modem also. how can i do it.

Please help.

Regards,

JCT
0
Comment
Question by:jct_777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 39610798
Make sure the policy is clearly stated and everyone is aware of it.
The  enforce the consequences when the policy violated.

Likely issue is the GPO does not apply on the system where the USB is being attached.

You could setup an internal proxy and the enforce it on the computer/user level, though it can be circumvented. Ref first paragraph.
0
 
LVL 1

Author Comment

by:jct_777
ID: 39610804
Hi ,

I did'nt understand what you meant to say. Can you please clarify once again.

Jct
0
 
LVL 79

Expert Comment

by:arnold
ID: 39611172
Tell your users that they are not allowed to connect any non hid (keyboard, mouse) USB devices. If they do, they will no longer be able/allowed, etc.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:jct_777
ID: 39612023
Hi,

My management asked me whether we can deny the access to  USB modem through group policy to users.

Is it possible. I need to give an answer to my management.

Regards,

JCT
0
 
LVL 79

Expert Comment

by:arnold
ID: 39613111
You can, the issue is whether the users are allowed to install drivers which might be required.

The issue is that a person with direct access to the system could login without some GPOs applying and possibly the USB enforcement being one of those.

Symantec SEP as an example have the option to lockout devices.

If you have not setup event log forwarding, you might want to consider setting a central event log collector.  You can the detect the event ID of such a device, and ........
Get into a setup that a notification is generated.
0
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 39613413
Please try blocking Custom device classes in GPO.

You can block modem using device class ID.
0
 
LVL 1

Author Comment

by:jct_777
ID: 39613652
Hi ,

I am having little confusion .  can you please explain by showing an example.

Regards,

JCT
0
 
LVL 10

Accepted Solution

by:
Gajendra Rathod earned 2000 total points
ID: 39613698
Modem Class "4D36E96D-E325-11CE-BFC1-08002BE10318"

Go Computer Configuration | Administrative template Policy | System |Removable Storage Access.

Custom classes : Deny read access|Enable |add 4D36E96D-E325-11CE-BFC1-08002BE10318
Custom classes : Deny write access | Enable | add 4D36E96D-E325-11CE-BFC1-08002BE10318
0
 
LVL 1

Author Comment

by:jct_777
ID: 39615407
Dear Gajendra_Rathod,

Thank you very much for the help. Will apply the above configuration & will also update you.

Regards,

JCT
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question