Now there are two ways to prevent USB storage devices so you may want to implement either or both methods in your organisation. Thankfully there is also a registry key in Windows XP that allows you to block the use of USB storage devices. Microsoft Support: HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120 drivers Update: I just found this article explains how use native Group Policy to disable you USB drives. However for some organisations just making drives read only is not enough I have heard stories of them having to resort to using hot glue guns to prevent people using USB storage devices. Otherwise, go harass someone else.In my previous article “ How to use Group Policy to make USB drives read only on Windows XP†I showed you you could configure Windows XP to prevent users from writing to USB block level devices. If you have something constructive to say, say it. Additionally, I don't need to download additional software, making it easier to enact on closed networks.Īlso, another concept: Use both Policy AND preference, that way if a system goes out of scope, the restriction is still there. However, the organizations I handle typically block all USB drives, so a blanket ban is much easier. Your article would indeed be great for an organization that allows USB drives, allowing the flexibility of allowing only those vetted/issued drives. I can say that pinning out an Ethernet cable as O/WO/WBr/WBl/G/Br/WG/Bl makes your network go 50 times faster, but without anything to back it up, it's just an empty statement.Ģ. I just requested to see a source for your information. I don't remember mentioning my sources (which, if you would take the time to read the second one, does indeed sayĪ policy is removed when the GPO goes out of scope-that is, when the user or computer is no longer targeted by the GPO Maybe it's a standalone system, or it needs to be exempt from Group Policy. Whatever the reason, it's pretty simple to apply the same fix:ġ. Moving along, we're going to look at an individual computer. Linked Group Policy Objects tab, right click on Server Manager window, right click on the domain you want to apply this GPO to, and select ClickĬonfigure this file or folder then - Propagate inheritable permissions to all subfolders and files, click inf).ġ5) A window will come up telling you that nobody will be able to access the file. inf file, but in this view will it not show the. Step 10 - Navigating to File System 11) Right click in the left pane and select Group Policy Management, and continue to drill down until you get to your target domain.Ĥ) Name your new Group Policy Object (GPO) " Since the most expedient way of applying a solution is to deploy a Group Policy Object (GPO), let's see how to do that first: A great thing about this solution is that it is easily deployable both on a local machine as well as on a domain.įirst, let's take a look at the bigger picture. There are many ways to disable these devices, but in my experience, I have found that one of the most effective methods can be accomplished by simply changing a registry key. Disabling these devices can help to provide better security for your systems by removing an avenue of attack. USB hard drives, flash drives, and other mass storage devices can potentially pose a threat, not only of data theft, but also as a vector to viruses and other malware that could be introduced into our systems. In today's day and age, there are many threats to the security of our information systems and networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |