Yes, I've made the modification. Initially it was set at computer configuration, but most of the users do not shut down their systems by the end of the day, so i put in user config. now I'll have to find some pretext, like UPS maintainance or something else, to make then restart their system!!!! A big thanks!!! Anth :-) On 4/19/07, Linux'o Mania <linuxomania@xxxxxxxxxxx> wrote:
Yes, Coz if you run it from User's context, it won't run as the user doesn't have direct access to modify HKLM\System as mentioned by Darren also. Run it from & only from Computer Configuration startup script... Regds, LP *Ananth Rajagopal <ananth.rg@xxxxxxxxx>* wrote: So I should run from Computer Configuration, instead of user configuration? On 4/19/07, Darren Mar-Elia <darren@xxxxxxxxxx > wrote: > > I suspect the problem is that you are trying to modify an HKLM reg key > in the user's security context and they don't have permissions to do that. > That is why a startup script was suggested—because that runs in the > LocalSystem security context. > > Darren > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > *On Behalf Of *Ananth Rajagopal > *Sent:* Wednesday, April 18, 2007 8:28 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: USB storage block problem. > > Hi, > > yesterday I tried out the script and it was working fine, we deployed it > by evening and today morning, we got an error message in all the systems, > the error message is attached. > > I had applied the script in User Configuration, as most of the users do > not shut down their systems, we wanted the script to be applied while users > logon, instead of when at system start. > > Kindly advice. > > best regards > Anth. > > > On 4/18/07, *Linux'o Mania* <linuxomania@xxxxxxxxxxx > wrote: > Okay.... > > First you put this vbscript in *Computer Configuration > Windows > Settings > Scripts > Startup* section. > Now when you restart the computers, it will do the following.... > > > - Will set the USBSTOR key's startup value to 4 (original is 3). > This will not let the USB Mass Storage devices start. > - Will deny anyone's access from usb.inf, usb.pnf files. This will > deny any newer devices from getting detected.... > > Please test & share results... > > Regds, > LP > > > *Ananth Rajagopal <ananth.rg@xxxxxxxxx> *wrote: > > What happens with our old script is that, when users plug in a new usb > device the device gets accepted! I'll test the script you have send and will > let you know as soon as possible, how it fares. > > thanks for the help! > On 4/18/07, *Ananth Rajagopal* < ananth.rg@xxxxxxxxx> wrote: > Can you explain a bit more detailed, we already have a bat file running > as logon script, where do I putt his script, run from the bat file or > separately at Computer Startup event? if so can u guide me step by step. > > thanks for the reply! > regards > Anth. > > On 4/18/07, *Linux'o Mania* < linuxomania@xxxxxxxxxxx> wrote: > Use this script in GPO's Computer Startup event.... > _________________________________________________________________________________ > > Dim WshShell,Retvalue > Set WshShell = CreateObject("Wscript.Shell") > WshShell.RegWrite"HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Start",4,"REG_DWORD" > Retvalue = WshShell.run ("%comspec% /c %logonserver%\netlogon\xcacls > %windir%\inf\usbstor.inf /D everyone /T /Y",0,False) > Retvalue = WshShell.run ("%comspec% /c %logonserver%\netlogon\xcacls > %windir%\inf\usbstor.pnf /D everyone /T /Y",0,False) > Set WshShell = Nothing > Wscript.Quit > > _________________________________________________________________________________ > *Ananth Rajagopal < ananth.rg@xxxxxxxxx>* wrote: > > Hi all, > > We have this script running in our Windows 2003 domain. > > @echo off > > :: *********DISABLE USB MASS STORAGE DEVICE******** > > regedit /s "\\Tai3dserver\SYSVOL\tai3d .com\scripts\disable.reg" > > "\ \Tai3dserver\SYSVOL\tai3d.com\scripts \subinacl.exe" /keyreg > \system\currentcontrolset\services\usbstor /deny=system > > the subinacl.exe deployment was advised by Mr. Ray Lewis, basically what > the script does is, it modifies a registry value such that usb removable > storage devices are not read by the system, but new usb storage devices are > getting accessed, how do i block the modification of this registry value? > Kindly suggest methods, I'm a novice in this... > > best regards > Ananth. > > > ------------------------------ > Yahoo! Mail is the world's favourite email. Don't settle for less, sign > up for your free account today<http://uk.rd.yahoo.com/evt=44106/*http:/uk.docs.yahoo.com/mail/winter07.html>. > > > > > > ------------------------------ > Yahoo! Mail is the world's favourite email. Don't settle for less, sign > up for your free account today > <http://uk.rd.yahoo.com/evt=44106/*http:/uk.docs.yahoo.com/mail/winter07.html> > . > > ------------------------------ Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today<http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html> .