Baron_Ferg
asked on
GPMC Conundrum
G'Day All,
I am seeking some directional oversight.
I am trying to use GP to prevent access to removable USB storage but am not meeting with success. GPMC.MSC on my Windows 2008R2 domain controller does not provide me with the many options that I am reading about, such as:
Two sections in Group Policy can help you secure your hardware: Computer Configuration | Administrative Templates | System | Removable Storage Access (see Figure 1),
and Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction (see Figure 2).
when I go into the edit of a specific policy.
I suspect that something is amiss within GP Management, a config setting, templates, who knows.
Can anyone send me some thoughts on getting the various options to show up under Administrative Templates?
Thanks and best wishes.
ASKER
Thanks for the reply but your link is referring to server 2003 and it appears quite different from Server2008R2.
Any other pointers?
Sorry. That's what I used a long time ago...
Have you tried to install RSAT in a Windows 7 workstation?
I can see the configs that you mentioned from gpmc.msc
ASKER
Thanks. I have RSAT in Windows 7 workstation but the GP tree appears the same as when working directly on the server. See the screenshot from RSAT on my Win7 workstation. Thanks
ADScreenshot.jpg
Have you upgraded from 2k3, or created a central store recently?
Check if the admx files in C:\Windows\PolicyDefinitions are stored in your central store (\\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions)
It would be better to do in a test environment. But I think these admx files are missing.
It's showing only the classic administrative templates.
ASKER
Thanks.
Long off 2k3, ages ago.
I am seeing all the admx files in C:\windows\PolicyDefinitions
but none in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions except for outlook12.admx
I am seeing lots of .adml files C:\windows\PolicyDefinitions\en-US
and also in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions\EN-US.
Please send your thoughts. Thanks.
Since you have the central store, you should copy the admx files to the domain path. But I am afraid the classic administrative templates will be gone. If you can reproduce in a test environment, that would be better.
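When a central store exists, the Group Policy editor reads ADMX templates only from it, so a store holding little more than one .admx file hides every other Administrative Templates node. The PowerShell script below is an added example, not part of any post in this thread, that lists what the central store lacks relative to a local PolicyDefinitions folder. Its parameter names, the en-US default and the -Fix switch are assumptions, and the UNC path is the thread's placeholder.

```powershell
# Added example (not from the thread): audit a central store against local PolicyDefinitions.
# Read-only unless -Fix is given. Parameter names and defaults are assumptions.
param(
    [string]$LocalStore   = "$env:SystemRoot\PolicyDefinitions",
    # Placeholder UNC path as written in the thread; substitute your own domain.
    [string]$CentralStore = '\\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions',
    [string]$Language     = 'en-US',
    [switch]$Fix   # copy the missing files into the central store
)

# Base names of files with the given extension directly under $Path.
function Get-TemplateName([string]$Path, [string]$Extension) {
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-ChildItem -LiteralPath $Path |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -eq $Extension } |
        ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_.Name) }
}

if (-not (Test-Path -LiteralPath $CentralStore)) {
    "No central store at $CentralStore; the editor uses the local PolicyDefinitions folder."
    return
}
$centralLang = Join-Path $CentralStore $Language
$localAdmx   = @(Get-TemplateName $LocalStore '.admx')
$centralAdmx = @(Get-TemplateName $CentralStore '.admx')
$centralAdml = @(Get-TemplateName $centralLang '.adml')

# Templates on this machine that the central store lacks.
$missingAdmx = @($localAdmx | Where-Object { $centralAdmx -notcontains $_ })
# Central-store templates with no language file in the language subfolder.
$missingAdml = @($centralAdmx | Where-Object { $centralAdml -notcontains $_ })
# .adml files left in the store root, where the editor does not look for them.
$strayAdml   = @(Get-TemplateName $CentralStore '.adml')

"ADMX missing from central store: $($missingAdmx.Count)"
$missingAdmx | ForEach-Object { "  $($_).admx" }
"Central ADMX without $Language ADML: $($missingAdml.Count)"
$missingAdml | ForEach-Object { "  $($_).admx" }
"ADML files misplaced in store root: $($strayAdml.Count)"
$strayAdml | ForEach-Object { "  $($_).adml" }

if ($Fix) {
    if (-not (Test-Path -LiteralPath $centralLang)) { New-Item -ItemType Directory -Path $centralLang | Out-Null }
    foreach ($name in $missingAdmx) {
        Copy-Item -LiteralPath (Join-Path $LocalStore "$name.admx") -Destination $CentralStore
        $adml = Join-Path (Join-Path $LocalStore $Language) "$name.adml"
        if (Test-Path -LiteralPath $adml) { Copy-Item -LiteralPath $adml -Destination $centralLang }
    }
}
```

Run it without -Fix first and review the three lists before copying anything into SYSVOL.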
ASKER
Makes sense. Thanks. Stay tuned.
I get the admx from machine. The central store is better, because you always have the same files in all DCs.
What files are in the \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions folder?
ASKER
Nothing much.
One folder and two files.
One folder named EN-US,
outlk12.admx
removablestorage.adml
ASKER CERTIFIED SOLUTION
ASKER
Great. Thanks very much
http://www.petri.co.il/disable_usb_disks_with_gpo.htm