[gptalk] Re: how to block removable USB storage devices
- From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Sun, 22 Oct 2006 13:35:29 +0100
Hi Anth
Depending on how you disabled the devices initially, I would just have the
counteractions within login scripts. I had a similar scenario last year and
I basically created two Login scripts - one for administrators
(unrestricted) and one for Users (restricted). Each script then points to an
addition .reg file. For additional security, changing the permissions for
the USBSTOR also came in handy although you will need to download
SubInAcl.exe for this.
Here is an example....
To Restrict
First of all, create a .reg file and copy the following information:
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004
Now save the file into an accessible location - we'll use C:\dword4.reg in
this example. Once you have obtained the SubInAcl file, I would position
this in the same directory.
Within the logon script, type the following:
:: *********DISABLE USB MASS STORAGE DEVICE********
regedit /s "\\SERVER\C$\dword4.reg"
"\\SERVER\C$\\subinacl.exe" /keyreg
\system\currentcontrolset\services\usbstor /deny=system
To Enable
Again, create a .reg file and include the following:
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003
Save this file into an accessible location again - we'll use C:\dword3.reg
in this example.
:: *********ENABLE USB MASS STORAGE DEVICE********
regedit /s "\\SERVER\C$\dword3.reg"
"\\SERVER\C$\\subinacl.exe" /keyreg
\system\currentcontrolset\services\usbstor /grant=system
Hope this helps
Ray
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Ananth Rajagopal
Sent: 17 October 2006 11:58
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] how to block removable USB storage devices
Hi,
This is my first query, won't be the last for sure...
I'm working in an Animation studio, we have a policy here of blocking all
USB drives, along with FDD and CDD.
But we are getting some Pen Tablets, and all are USB devices, so obviously
we will need to allow enable USB ports, is there any way to block users from
connecting their removable drives and copying data using Group Policies?
Kindly advice..in detail :-)
regards
anth
- Follow-Ups:
- [gptalk] Re: how to block removable USB storage devices
- From: Ananth Rajagopal
- References:
- [gptalk] how to block removable USB storage devices
- From: Ananth Rajagopal
Other related posts:
- » [gptalk] how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- » [gptalk] Re: how to block removable USB storage devices
- [gptalk] Re: how to block removable USB storage devices
- From: Ananth Rajagopal
- [gptalk] how to block removable USB storage devices
- From: Ananth Rajagopal