Blocking USB port using AD, but need to use WIFI USB

I had applied AD policy which blocked USB port at workstation, but now 1 of the workstation need to use the USB for WIFI USB, is there a way to allow for only WIFI USB but block USB for those thumdrive that can save/copy files?
swpuiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MaheshArchitectCommented:
When you block USB mass storage, it will block USB storages in any form.

Its not possible to only allow wifi while blocking USB storage

The only possibility could be block USB storages based on there device ID instead of blocking all device classes
But then you would require that every time new storage device arrives, needs to be added in block list with its device ID which is not desirable.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SandeepSr System AdministratorCommented:
You can exclude the single machine from the Group Policy which is getting applied over it that block all USB Ports.

Then manually go in registry on that machine and make this entry changes as mentioned below

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
Changed the value of 'Start' to '4' from '3'

Assuming that User do not have admin rights and cannot access registry editor.


Or else you need to create new GPO for this single machine where all USB Ports will be open and via GPO above registry setting is getting applied over.
MaheshArchitectCommented:
The one another option could be if you have Symantec \ Mcafee antivirus, you can control USB device with these antivirus

These antivirus softwares are very advanced and you can exclude specific device on specific machines if wanted to easily
swpuiAuthor Commented:
will try on using ID blocking
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.