Solved

block USB per user

Posted on 2016-09-26
9
18 Views
Last Modified: 2016-11-08
hello,

we are in AD (azure) it seems that we cant setup GPO to block USB per user (only per device working).
if it not possible please recommend on any tools to execute this.

Best Regards,

Udi
0
Comment
Question by:Robert-Prodigy
  • 3
  • 3
  • 2
9 Comments
 
LVL 39

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 41816315
You'll have to have a third party solution to do peripheral management on a per-user basis. I don't know of many tools that provide this, but the Sophos AV advanced license has this capability.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41816415
I have a way for you, but I don't know if you'd like it.
First of all, it requires a server 2012 or higher domain controller (which should be given with Azure AD, but I don't use that and am not sure what management tools it offers - is it a true GPMC that you use?)
Then, the clients need to be at least windows 8.

Does that apply to you?
0
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 41816510
Azure AD has very very simplistic Group Policy capabilities, so there are very few full Domain GPO features that can be utilized with an Azure AD only domain. If you have an Azure VM that is a DC, you could do a lot more, but with just Azure AD Premium, you're either going to have to add on the Enterprise Mobility Suite to do what you want or get a third party application.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 

Author Comment

by:Robert-Prodigy
ID: 41823479
is it possible to add GPO or to extend the option or add-on to intune AD in order to excute this? is there any other way to block USB per user?

if it possible to purchase extend GPO from Intune Microsoft I think it will be the easy way to that, but any other alternative will be good, we also thought to install hybrid internal AD only for this option but  I guess it will require to purchase server CAL

Best Regards,
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41823585
If you want me to help you, please respond to both my questions, first.
0
 

Author Comment

by:Robert-Prodigy
ID: 41829374
all our clients are win 10, the AD is Intune as SAS
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41829380
Clients on win10 - good. And with intune, can you please check if you can use these policies that my article mentions: https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html

That article holds the plan.
0
 

Author Comment

by:Robert-Prodigy
ID: 41829382
checking, thx
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question