[gptalk] Re: ADM problem
- From: "Gray Troutman" <jgraytroutman@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Tue, 22 Aug 2006 10:17:46 -0500
The thing is that if I create the key/dword and put the value 1 in
manually, it works fine, write access to USB devices is disallowed. If I
use the ADM, though, it creates the key and dword, but doesn't put the
correct value in, it stays 0.
On 8/22/06, Tim Bolton <jsclmedave@xxxxxxxxx> wrote:
We tried this numerous times, but certain USB sticks were still able
to load and were accessible.
Hopefully Darren has the magic bullet for this. I have heard of shops
actually putting epoxy in the ports...
We use a product that took care of this. If you want info on it
please email me direct.
I am very curious to see if there is a workable solution in GP...
TB
On 8/22/06, Gray Troutman <jgraytroutman@xxxxxxxxx> wrote:
> Hey folks,
> I've implemented a few custom ADMs without any difficulty. I have one,
> however, that doesn't seem to want to work properly. It's one I found
> over at thelazyadmin.com. The ADM is supposed to disable write access to
> USB devices. When I manually create the key and dword, everything works
> fine, but when I try to implement it through a GPO, it creates the key and
> dword, but doesn't place the appropriate value (1) into the registry. Here
> are the contents of the ADM:
>
> CLASS MACHINE
> CATEGORY "Removeable Storage Write Access"
> POLICY "USB Write Access"
> KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
> VALUENAME "WriteProtect"
> VALUEON NUMERIC 1
> VALUEOFF NUMERIC 0
> END POLICY
> END CATEGORY;
>
> As an additional note, I'll mention that this is the only machine specific
> policy I'm trying to enforce within this GPO, everything else is on the user
> side. I had thought that maybe I had instituted a policy that was keeping
> the key from being generated, but everything shows up except for the
> appropriate value.
>
> Thanks in advance,
> Gray
>
--
Genius may have its limitations, but stupidity is not thus
handicapped. - Elbert Hubbard
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************