USB, CDROM, local Hard Drive access Disable

I have a client that is being Audited, on computer security. I have previously attempted to setup a global group policy that would disable access to all USB mass storage devices, and CDROM's, although it did not seem to work properly, so I imported registry keys into each of the workstations that in fact did disable these. I tested that they were non accessible 3  days ago. Yesterday the Auditor put a USB thumb drive in 5 of the machines and they all read. I am completely lost as to how this can be. I assume the only way I will resolve this is with the proper GPO on the server, but I am not understanding what I did wrong the first time, I now have the added problem that the Auditor now wants the client computers to not be able to access their local workstation hard drives
ccrincAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andy MInternal Systems ManagerCommented:
This should give you an idea of how to block removable media access via GPO:

http://community.spiceworks.com/how_to/show/11589-create-a-group-policy-to-prevent-access-to-all-removable-storage-devices

Used same guide when setting it up for one of our clients and works well.

As for restricting access to the local drive, I think this is done in a similar way though never actually done it myself.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ccrincAuthor Commented:
Sorry for the delay, but I keep trying to look at this and find the answer, and although your above solution sure looks easy enough, the problem is I'm running Windows Small Business Server 2003, and when I get down to step 5 (the part where you lock it out I don't have the option mentioned "Removable  storage access", I've also found other answers that point to almost the same location in Group Policy only they refer to "Device Installation Restrictions" I don't have that either. It must be a difference in 2003 SBS.

Then I tried http://support.microsoft.com/kb/231289 but this doesn't seem to work either
0
ccrincAuthor Commented:
Your solution would be the best if the options were available in 2003 SBS, I have resolved the problem using almost the exact steps you referenced, but I had to upgrade the server to a 2008 environment. Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.