Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 150
  • Last Modified:

Block USB flash drives on domain clients with gpo

Is there a GPO that will block USB ports- mass storage devices only- so that I can prevent folks from using USB flash drives on the domain etc, but NOT block USB ports that are needed for other devices like printers etc?

Win7 clients/ Win2008 domain

please advise
0
Rbbedz1
Asked:
Rbbedz1
  • 2
1 Solution
 
Schuyler DorseyCommented:
Yes.

Computer Configuration > Admin Templates > System > Removal Storage Access. Here are your options.

 removstorage.PNG
0
 
Rbbedz1Author Commented:
we also want to be able to enforce this for some clients and to not push to others (exceptions).....can this be done so that we can only give to some and not others
0
 
Schuyler DorseyCommented:
Yes. You apply GPOs to OUs in the GPMC. So it just depends on your A.D. structure. You could have two OUs, one where you are going to enforce this and one where you don't. So apply the GPO to the OU you want to enforce this setting. Just ensure the related computer objects are in this OU.

Alternatively, you can use security or wmi filtering.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now