Hi Ray, We have set the scripts as you have suggested. How do we check if its working? We did try by randomly plugging in to some systems and usb devices are disabled, but is there any other way to find out? Also can you please share the scripts to allow administrators to use usb devices? warm regards Anth. On 3/10/07, Ray Lewis <razor@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Anth.. I was faced with this same problem last year.. scripting to set the DWORD value will indeed disable the device, however, if an alternative stick is to be used, this doesn't apply…. Using subinacl, to set the USBSTOR registry permissions to DENY for the SYSTEM "group" should sort out your problem. Download subinacl.exe to a share and add the following line to your existing script: "\\*your server*\*your shared folder*\subinacl.exe" /keyreg \system\currentcontrolset\services\usbstor /deny=system My scenario was a little different as I wanted standard users to be denied and for Administrators to be allowed – I controlled this simply via the login scripts. Hope this helps… Ray ------------------------------ *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On Behalf Of *Ananth Rajagopal *Sent:* 10 March 2007 14:08 *To:* gptalk@xxxxxxxxxxxxx *Subject:* [gptalk] Script not applicable for local admin Hi all, I got 3 questions.... 1. we have a script which disables removable usb drive access. but it doesn't work for local admin logon's . how do i make it applicable for them too..basically what the script does is it modifies the USBSTOR value from 3 to 4, thus disabling it, but guys who have local admin rights just opens device manager, removes the usb drives and reinstalls them! thus enabling it! 2. how can i disable device manager access, even if the user has local admin rights? 3. we have a scripts which copies some 10mb of data every time users logs in, even if the files are already in the destination folder it is again copied, how can i make it a incremental or diferential copy? we do this via a batch file. a BIG thanks to all who regularly contribute to this very helpful list!! :-) best regards anth :-)