troubleshooting Question

Block USB Storage Devices

Avatar of hypercube
hypercubeFlag for United States of America asked on
StorageActive DirectorySecurity
12 Comments1 Solution99 ViewsLast Modified:
We're trying to implement a GPO that will block USB storage devices.
It appears that there are at least two approaches at the broad design level:
1) Apply the GPO to users.
2) Apply the GPO to computers.
We tried applying a new GPO to users like this:
  • Set up a User's Security Group
  • Set up a GPO with Scope including the User's Security Group
  • and with Authorized Users having READ and NOT Apply GPO
  • Then, the GP settings for removable storage are added as well
  • Then the GPO is linked to the User's OU
  • Then blocked Users are added to the User's Security Group
It didn't work for us.  

The other approach would seem to be:
  • Set up an OU of Computers
  • Create a simple GPO with the same settings for removable storage
  • Link the GPO to an appropriate Computer OU or set of them
  • Move pertinent computers into the appropriate Computer OUs

I haven't done the latter yet but I have more confidence in it.

Any suggestions?
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 12 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 12 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros