Solved

USB, CDROM, local Hard Drive access Disable

Posted on 2014-09-17
3
266 Views
Last Modified: 2014-10-13
I have a client that is being Audited, on computer security. I have previously attempted to setup a global group policy that would disable access to all USB mass storage devices, and CDROM's, although it did not seem to work properly, so I imported registry keys into each of the workstations that in fact did disable these. I tested that they were non accessible 3  days ago. Yesterday the Auditor put a USB thumb drive in 5 of the machines and they all read. I am completely lost as to how this can be. I assume the only way I will resolve this is with the proper GPO on the server, but I am not understanding what I did wrong the first time, I now have the added problem that the Auditor now wants the client computers to not be able to access their local workstation hard drives
0
Comment
Question by:ccrinc
  • 2
3 Comments
 
LVL 13

Accepted Solution

by:
Andy M earned 500 total points
ID: 40328361
This should give you an idea of how to block removable media access via GPO:

http://community.spiceworks.com/how_to/show/11589-create-a-group-policy-to-prevent-access-to-all-removable-storage-devices

Used same guide when setting it up for one of our clients and works well.

As for restricting access to the local drive, I think this is done in a similar way though never actually done it myself.
0
 

Author Comment

by:ccrinc
ID: 40360694
Sorry for the delay, but I keep trying to look at this and find the answer, and although your above solution sure looks easy enough, the problem is I'm running Windows Small Business Server 2003, and when I get down to step 5 (the part where you lock it out I don't have the option mentioned "Removable  storage access", I've also found other answers that point to almost the same location in Group Policy only they refer to "Device Installation Restrictions" I don't have that either. It must be a difference in 2003 SBS.

Then I tried http://support.microsoft.com/kb/231289 but this doesn't seem to work either
0
 

Author Closing Comment

by:ccrinc
ID: 40377728
Your solution would be the best if the options were available in 2003 SBS, I have resolved the problem using almost the exact steps you referenced, but I had to upgrade the server to a 2008 environment. Thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question