• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 151
  • Last Modified:

Block USB flash drives on domain clients with gpo

Is there a GPO that will block USB ports- mass storage devices only- so that I can prevent folks from using USB flash drives on the domain etc, but NOT block USB ports that are needed for other devices like printers etc?

Win7 clients/ Win2008 domain

please advise
0
Rbbedz1
Asked:
Rbbedz1
  • 2
1 Solution
 
Schuyler DorseyCommented:
Yes.

Computer Configuration > Admin Templates > System > Removal Storage Access. Here are your options.

 removstorage.PNG
0
 
Rbbedz1Author Commented:
we also want to be able to enforce this for some clients and to not push to others (exceptions).....can this be done so that we can only give to some and not others
0
 
Schuyler DorseyCommented:
Yes. You apply GPOs to OUs in the GPMC. So it just depends on your A.D. structure. You could have two OUs, one where you are going to enforce this and one where you don't. So apply the GPO to the OU you want to enforce this setting. Just ensure the related computer objects are in this OU.

Alternatively, you can use security or wmi filtering.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now