Start Free TrialLog in
Avatar of Deborah Canales
Deborah CanalesFlag for United States of America

asked on 

Locking down Removable Storage(USB/Flash Drives) but creating excemption for DVD/CD Drive

Title pretty much says what I am needing help with.  We are wanting to lock down USB/Flash Drive access on our domain, but we noticed the cd/dvd drives on users computers are listed under Removable Storage so these get locked down as well.  Is there any way to create exemption for these drives?  I saw some articles on finding the hardware id on the cd/dvd drives but where would I list these in the group policy?

Thanks for any assistance on this.
Active DirectoryHardwareOS SecurityPeripheralsSecurity
Avatar of undefined
Last Comment
McKnife
ASKER CERTIFIED SOLUTION
Avatar of Lee Ingalls
Lee Ingalls
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Deborah Canales
Deborah Canales
Flag of United States of America image

ASKER

Hi Lee,

Thanks for the assistance.  However I don't want to disable CD/DVD drives, just USB flash drives.  However when I enabled GP settings for removable disks, it locked down the cd/dvd drive as well.
Avatar of Deborah Canales
Deborah Canales
Flag of United States of America image

ASKER

Hi Lee,

I reread your last comment and I believe I misunderstood the instructions. Sorry about  that.   Let me try this and I will let you know.

Thanks!
Avatar of Deborah Canales
Deborah Canales
Flag of United States of America image

ASKER

Perfect. It worked.  Thanks! Consider this closed.
Avatar of Lee Ingalls
Lee Ingalls
Flag of United States of America image
My pleasure Deborah. Enjoy the weekend!

Regards, Lee
Avatar of McKnife
McKnife
Flag of Germany image
Depending on what you are trying to protect against, the solution is not complete, yet. If an attacker would connect a usb device that could mimic a keyboard, it would not be stopped by this GPO. The attack I am talking about is usualy referred to as "usb rubberducky". Find more info and a solution here: https://www.experts-exchange.com/articles/18574/Bad-USB-time-to-fight-back.html
Active Directory
Active Directory

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent