Solved

Block USB flash drives on domain clients with gpo

Posted on 2014-12-18
3
142 Views
Last Modified: 2015-01-03
Is there a GPO that will block USB ports- mass storage devices only- so that I can prevent folks from using USB flash drives on the domain etc, but NOT block USB ports that are needed for other devices like printers etc?

Win7 clients/ Win2008 domain

please advise
0
Comment
Question by:Rbbedz1
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 500 total points
ID: 40507287
Yes.

Computer Configuration > Admin Templates > System > Removal Storage Access. Here are your options.

 removstorage.PNG
0
 

Author Comment

by:Rbbedz1
ID: 40507292
we also want to be able to enforce this for some clients and to not push to others (exceptions).....can this be done so that we can only give to some and not others
0
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 40507296
Yes. You apply GPOs to OUs in the GPMC. So it just depends on your A.D. structure. You could have two OUs, one where you are going to enforce this and one where you don't. So apply the GPO to the OU you want to enforce this setting. Just ensure the related computer objects are in this OU.

Alternatively, you can use security or wmi filtering.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question