Locking down Removable Storage(USB/Flash Drives) but creating excemption for DVD/CD Drive
Title pretty much says what I am needing help with. We are wanting to lock down USB/Flash Drive access on our domain, but we noticed the cd/dvd drives on users computers are listed under Removable Storage so these get locked down as well. Is there any way to create exemption for these drives? I saw some articles on finding the hardware id on the cd/dvd drives but where would I list these in the group policy?
Thanks for any assistance on this.
Thanks for any assistance on this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Lee,
I reread your last comment and I believe I misunderstood the instructions. Sorry about that. Let me try this and I will let you know.
Thanks!
I reread your last comment and I believe I misunderstood the instructions. Sorry about that. Let me try this and I will let you know.
Thanks!
ASKER
Perfect. It worked. Thanks! Consider this closed.
My pleasure Deborah. Enjoy the weekend!
Regards, Lee
Regards, Lee
Depending on what you are trying to protect against, the solution is not complete, yet. If an attacker would connect a usb device that could mimic a keyboard, it would not be stopped by this GPO. The attack I am talking about is usualy referred to as "usb rubberducky". Find more info and a solution here: https://www.experts-exchange.com/articles/18574/Bad-USB-time-to-fight-back.html
ASKER
Thanks for the assistance. However I don't want to disable CD/DVD drives, just USB flash drives. However when I enabled GP settings for removable disks, it locked down the cd/dvd drive as well.