Solved

USB, CDROM, local Hard Drive access Disable

Posted on 2014-09-17
3
270 Views
Last Modified: 2014-10-13
I have a client that is being Audited, on computer security. I have previously attempted to setup a global group policy that would disable access to all USB mass storage devices, and CDROM's, although it did not seem to work properly, so I imported registry keys into each of the workstations that in fact did disable these. I tested that they were non accessible 3  days ago. Yesterday the Auditor put a USB thumb drive in 5 of the machines and they all read. I am completely lost as to how this can be. I assume the only way I will resolve this is with the proper GPO on the server, but I am not understanding what I did wrong the first time, I now have the added problem that the Auditor now wants the client computers to not be able to access their local workstation hard drives
0
Comment
Question by:ccrinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 13

Accepted Solution

by:
Andy M earned 500 total points
ID: 40328361
This should give you an idea of how to block removable media access via GPO:

http://community.spiceworks.com/how_to/show/11589-create-a-group-policy-to-prevent-access-to-all-removable-storage-devices

Used same guide when setting it up for one of our clients and works well.

As for restricting access to the local drive, I think this is done in a similar way though never actually done it myself.
0
 

Author Comment

by:ccrinc
ID: 40360694
Sorry for the delay, but I keep trying to look at this and find the answer, and although your above solution sure looks easy enough, the problem is I'm running Windows Small Business Server 2003, and when I get down to step 5 (the part where you lock it out I don't have the option mentioned "Removable  storage access", I've also found other answers that point to almost the same location in Group Policy only they refer to "Device Installation Restrictions" I don't have that either. It must be a difference in 2003 SBS.

Then I tried http://support.microsoft.com/kb/231289 but this doesn't seem to work either
0
 

Author Closing Comment

by:ccrinc
ID: 40377728
Your solution would be the best if the options were available in 2003 SBS, I have resolved the problem using almost the exact steps you referenced, but I had to upgrade the server to a 2008 environment. Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Want Win 10 Pro to search like Server 2010 or 2012 27 110
RDS licensing 2008 to 2016 9 80
Windows Server Event Log DSM Error-1000 10 34
GPO on certain users 17 36
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question