Solved

How to Deny access to all Removable Media for select users on SBS 2011

Posted on 2014-02-10
6
710 Views
Last Modified: 2014-02-12
I have created a GPO on my SBS 2011 box to deny all access to removable media for a specific group I created. Policy is enabled/enforced and linked appropriately.

However despite all efforts, the policy does not apply to the users in the group.

I have applied the policy to both the computer and user configuration in the GP.

When I run RSOP on a user, I can see the policy is enabled under the user configuration, however, will never show up under the computer configuration despite not being configured in any other GPO.

Is this not supposed to work by design or is there some other way to get this GPO to function.
0
Comment
Question by:tjwo94
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:Netflo
ID: 39849897
The GPO needs to be tweaked slightly differently if applying to Windows XP clients as opposed to Windows 7 and above which will just work. Is this the case?

If so, please take a look at the following link: http://www.grouppolicy.biz/2010/02/how-to-use-group-policy-to-disable-usb-drives-on-windows-xp/
0
 

Author Comment

by:tjwo94
ID: 39850133
All clients are Windows 7, hence the frustration as to why it isn't working.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39852072
This is not a USER policy, so do not set anything in the user configuration.

There are THREE settings which must be enabled in your GPO under Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access:


Removable Disks: Deny execute access Enabled
Removable Disks: Deny read access Enabled
Removable Disks: Deny write access Enabled

Deny USB Drives
Make sure that this policy is linked either at the domain level, or if to an OU, that all machines that are restricted are in the OU.

If the above doesn't work, please run the following command on a workstation:

C:\>gpresult /h gp.html

Then post the resulting "gp.html" file back here.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:tjwo94
ID: 39852974
Just to clarify, this policy can only be applied to specific machines, not specific users? So I would need to put specific machines in an OU as opposed to specific users?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39853227
Yes, it is a MACHINE setting, not a USER setting.

FYI, if you don't want to move the machines to a specific OU, you could always just create a SECURITY GROUP and add them to that, and then delegate the GP to only that Security Group.

Jeff
0
 

Author Closing Comment

by:tjwo94
ID: 39853500
Thank you Jeff for the help and clarification, I'll have no trouble getting the access squared away now.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question