Solved

USB, CDROM, local Hard Drive access Disable

Posted on 2014-09-17
3
273 Views
Last Modified: 2014-10-13
I have a client that is being Audited, on computer security. I have previously attempted to setup a global group policy that would disable access to all USB mass storage devices, and CDROM's, although it did not seem to work properly, so I imported registry keys into each of the workstations that in fact did disable these. I tested that they were non accessible 3  days ago. Yesterday the Auditor put a USB thumb drive in 5 of the machines and they all read. I am completely lost as to how this can be. I assume the only way I will resolve this is with the proper GPO on the server, but I am not understanding what I did wrong the first time, I now have the added problem that the Auditor now wants the client computers to not be able to access their local workstation hard drives
0
Comment
Question by:ccrinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Andy M earned 500 total points
ID: 40328361
This should give you an idea of how to block removable media access via GPO:

http://community.spiceworks.com/how_to/show/11589-create-a-group-policy-to-prevent-access-to-all-removable-storage-devices

Used same guide when setting it up for one of our clients and works well.

As for restricting access to the local drive, I think this is done in a similar way though never actually done it myself.
0
 

Author Comment

by:ccrinc
ID: 40360694
Sorry for the delay, but I keep trying to look at this and find the answer, and although your above solution sure looks easy enough, the problem is I'm running Windows Small Business Server 2003, and when I get down to step 5 (the part where you lock it out I don't have the option mentioned "Removable  storage access", I've also found other answers that point to almost the same location in Group Policy only they refer to "Device Installation Restrictions" I don't have that either. It must be a difference in 2003 SBS.

Then I tried http://support.microsoft.com/kb/231289 but this doesn't seem to work either
0
 

Author Closing Comment

by:ccrinc
ID: 40377728
Your solution would be the best if the options were available in 2003 SBS, I have resolved the problem using almost the exact steps you referenced, but I had to upgrade the server to a 2008 environment. Thanks
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question