deklinm
asked on
Shutdown USB Storage Devices on Win 7 Pro & Win 10 Pro
I have a Windows domain. My domain controllers are running 2008 and 2012. My member workstations are running Win 7 Pro and Win 10 Pro. Is there a way to administratively shut down the ability to connect any type of storage device to a USB drive?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Security filtering by user doesnt work the way you think it does. So yes, you broke your policy the moment you made that change.
More info in what broke and why.
https://blogs.technet.microsoft.com/askpfeplat/2016/07/05/who-broke-my-user-gpos/
https://blogs.technet.microsoft.com/askpfeplat/2016/07/05/who-broke-my-user-gpos/
ASKER
so how to i apply the policy? By machine?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm still having problems applying the policy. All of my domain computers are in the computers container. I want it to apply to all computers except for five of them. However, I can't even get it to apply to any
User settings apply user objects in AD. If you link a GPO with user settings to an OU with only computer objects, nothing happens.
Similarly, computer settings only apply to computer objects. Linking such a policy to an OU with user objects would have no effect on those users
Then there are security filters that have do be done right either route you go.
Chances are one of those setup steps was done in correctly. GPResults is your friend when troibleshooting.
Similarly, computer settings only apply to computer objects. Linking such a policy to an OU with user objects would have no effect on those users
Then there are security filters that have do be done right either route you go.
Chances are one of those setup steps was done in correctly. GPResults is your friend when troibleshooting.
ASKER
This new GPO is linked to my primary (and only) domain, its enabled and enforced.
What am i missing?
See pic attached
GP1.jpg