finance_teacher

Windows 10 Pro, non-DOMAIN, disable usb storage by USER ?

How can I disable "USB storage" on the below #4 via gpedit.msc or something else?

Details
  ** Operating System = Windows 10 Pro
  ** Location = Home
  ** Domain = NO

Steps
 1. I log in as me
 2. USB storage works
 3. My 5-year-old logs in
 4. No USB storage, since I do NOT want the child to copy data from bad USB drives onto the PC
Cliff Galiher

3rd party software. Most security A/V bundles can do this.
On a home version you have a single policy, all or none.
The second account needs to be limited, standard; any corruption will be limited to the standard user. It will not impact the system.

An AV that scans ..... To shield the system.

info to user.
ASKER CERTIFIED SOLUTION
McKnife
This solution is only available to members.
McKnife, interesting.
In a localized environment, did not think to even look...

The question while you can limit the user from accessing, the USB or any removable device. A USB storage device when connected is read in by the system which at times all that is needed if the "driver" is what is infected compromised?

If one follows the news, there was a person arrested with payload-laden USB devices. While this policy would prevent the user from accessing data or copying data out. The system when mounting the removable storage ....
When connecting a USB device, nothing is being read, there is no autorun anymore. The device cannot dictate a driver, no danger.

What are you referring to?
Does it not get mounted by the system?
The user level restriction is for access related rights.

Consider a package with a lock.
If it seems suspicious, you do not bring it in. A standard user is handed a package with a lock. This person brings it in, and puts it at ....

Did not have an unused/previously connected storage though did not think ......

From the user configuration ..., settings.
Thought what happens when the restriction is in place and the user to whom it applies inserts a USB

In my test, it mounted the stick though it was previously used on the system
If it is mounted, extrapolating, if user inserts, the system then goes through the process USB enumeration, identify the device, load driver, ....whether or not a drive letter is assigned.

Some USB devices include their own "driver"....
No software on a stick gets started automatically unless people intentionally activate autorun - that just does not happen. If you have a stick with capabilities that go beyond what Windows' own drivers make possible, then the user will have to start a software - it will never start on its own.
I am talking about the process Windows goes through when a new USB stick/device is inserted.
No user involvement needed.

On the GPO computer configuration one can disable/limit USB to HID devices only, non-storage types
.....