• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 468
  • Last Modified:

WPD Device Policy in Windows 2008 Server R2

I'm having trouble with part of the Removable Access Storage policy in Windows 2008 R2 Server. I set the policy to limit DVD/CD, Removable Drive, and WPD to read only and only applied this to a security group with select members. The policy worked fine, but I got requests to have access for a camera for pictures. I took out a few members so the policy would not apply to them and ran gupdate /force, rebooted, etc. I then ran rsop.msc to see what was applied to the computer and these parameters were not there, but when I went to connect the camera, it would not read it and said access was denied. The policy is user based not computer. The DVD/CD and USB thumbdrives work with no issue, only the camera is an issue. If I login to the machine with another user not part of the original policy, it works fine. I've checked the registry and even tried a suggested hot fix for this issue, but the hot fix say it is not necessary. My workstations are Windows 7 Pro. Any suggestions to get this working again would be appreciated. Thanks!
0
mrogers1650
Asked:
mrogers1650
  • 2
1 Solution
 
Daniel KlineSr. SharePoint DeveloperCommented:
Are those "weapons of PC Destruction"?  Sorry, not helpful, but I couldn't help myself.

I would try uninstalling the camera driver and reinstalling it.  It could be that the driver sets those settings during installation.  Most camera drivers see the internal memory or cards as removable storage.
0
 
LazarusCommented:
you could try to reset you local computers GPO:

XP
In the console window, type the command: secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

WIN 7
In the console window, type the command: secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
0
 
mrogers1650Author Commented:
I was able to get this resolved by working with the OU I setup, moving users in and out, and disabling the policy, allowing the default domain update to work and then re-enabling it and allowing the 90 minute update apply again. I allowed the default update because there are too many clients to update individually. I think I got lucky, but I did not have to remove registry entries, rename .pol files, etc. The final suggestion in this thread is what I think helped:

http://www.techrepublic.com/forums/questions/old-gpo-settings-keep-returning/

Mark
0
 
mrogers1650Author Commented:
I found some info and suggestions on the Internet and it helped me resolve the issue.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now