Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

USB, CDROM, local Hard Drive access Disable

Posted on 2014-09-17
3
Medium Priority
?
276 Views
Last Modified: 2014-10-13
I have a client that is being Audited, on computer security. I have previously attempted to setup a global group policy that would disable access to all USB mass storage devices, and CDROM's, although it did not seem to work properly, so I imported registry keys into each of the workstations that in fact did disable these. I tested that they were non accessible 3  days ago. Yesterday the Auditor put a USB thumb drive in 5 of the machines and they all read. I am completely lost as to how this can be. I assume the only way I will resolve this is with the proper GPO on the server, but I am not understanding what I did wrong the first time, I now have the added problem that the Auditor now wants the client computers to not be able to access their local workstation hard drives
0
Comment
Question by:ccrinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Andy M earned 1500 total points
ID: 40328361
This should give you an idea of how to block removable media access via GPO:

http://community.spiceworks.com/how_to/show/11589-create-a-group-policy-to-prevent-access-to-all-removable-storage-devices

Used same guide when setting it up for one of our clients and works well.

As for restricting access to the local drive, I think this is done in a similar way though never actually done it myself.
0
 

Author Comment

by:ccrinc
ID: 40360694
Sorry for the delay, but I keep trying to look at this and find the answer, and although your above solution sure looks easy enough, the problem is I'm running Windows Small Business Server 2003, and when I get down to step 5 (the part where you lock it out I don't have the option mentioned "Removable  storage access", I've also found other answers that point to almost the same location in Group Policy only they refer to "Device Installation Restrictions" I don't have that either. It must be a difference in 2003 SBS.

Then I tried http://support.microsoft.com/kb/231289 but this doesn't seem to work either
0
 

Author Closing Comment

by:ccrinc
ID: 40377728
Your solution would be the best if the options were available in 2003 SBS, I have resolved the problem using almost the exact steps you referenced, but I had to upgrade the server to a 2008 environment. Thanks
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question