Announcement

Collapse
No announcement yet.

block Usb storage

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • block Usb storage

    Hi

    I have configured usb storage block policy for computer account on OU at DC machine using help of

    http://www.petri.com/disable_usb_disks_with_gpo.htm ,

    all client computers account located in that OU

    but issue is still there and my all user have access data through USB. how van I block this. whats the laking from my side

    I have add USB_removable_drives_ADM file .
    than enable "Disable USB Removable Drives"
    than stooped "usbstore.sys driver status"
    than run --------> gpupdate /force.
    Last edited by dakshespatel; 5th September 2007, 11:13.

  • #2
    Re: block Usb storage

    Hi,

    I faced same issue, some users can't use USB and other can or it block for some time and its open some other day. it was very strange issue.
    What I had dome I add gpupdate.exe on the user login script and till now its working fine
    eBe75

    Comment


    • #3
      Re: block Usb storage

      Hi,

      I do not understand. we can run gpupdate /force on DC machine. but can we run with every user login script. How it is possible.

      and yes I have configured this for computer account. And all are in located in one OU i have applied Group policy on ou.

      Comment


      • #4
        block Usb storage

        Hi

        I have configured usb storage block policy for computer account on OU at DC machine using help of

        http://www.petri.com/disable_usb_disks_with_gpo.htm ,

        all client computers account located in OU, I have set policy on that ou,

        but issue is still there and my all user have access data through USB. how van I block this. whats the laking from my side
        ----------------------------------------------------------
        I have done following steps:

        I have add USB_removable_drives_ADM file .
        than enable "Disable USB Removable Drives"
        than stooped "usbstore.sys driver status"
        then enforce policy
        than run --------> gpupdate /force.

        Comment


        • #5
          Re: can't able to USB storage devices block

          Are you sure the group policy was applied.
          Run the following on any of the computers located in the OU
          rsop.msc from the command promopt, and update me with the result.
          Best regards,
          Mostafa Itani

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: can't able to USB storage devices block

            Hi,

            I have run this rsop.msc but opens one window, what i need to check.

            please give me help !!!!!!!!!

            I have added attached page of applied policy.

            Thanks
            Attached Files
            Last edited by dakshespatel; 6th September 2007, 07:03.

            Comment


            • #7
              Re: can't able to USB storage devices block

              The article is missing one piece of information (I will edit it later):

              You need to remove the SYSTEM access permissions from the usbstor.sys and usbstor.inf files.

              However, make note that under some circumstances, the SYSTEM should have write access to these files during Service Pack installation. For example, when the SP is installed via GPO or SMS, the installation runs under the SYSTEM Account.

              Service Pack needs to replace the files to a new version and without proper write access to the file, installation will fail...

              Therefore, before each SP deployment we need to allow access to the SYSTEM account for these files.
              Cheers,

              Daniel Petri
              Microsoft Most Valuable Professional - Active Directory Directory Services
              MCSA/E, MCTS, MCITP, MCT

              Comment


              • #8
                Re: can't able to USB storage devices block

                Hi,

                Thanks sir for fast replying.

                I could not remove this permission from

                C:\WINDOWS\ServicePackFiles\i386\usbstor.sys

                c:\windows\inf\usbstor.inf

                because of object inheriting from its parent. That’s ‘s why I have deny write permission.

                let us know, I have required only usb storage device blocking for some computers for any user

                Comment


                • #9
                  Re: block Usb storage

                  PLEASE DO NOT DOUBLE POST!
                  You have the same question here: http://forums.petri.com/showthread.php?t=18211

                  Reported to admins for action
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment


                  • #10
                    Re: block Usb storage

                    Thread closed for double posting!

                    Michael
                    Michael Armstrong
                    www.m80arm.co.uk
                    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    Comment


                    • #11
                      Re: can't able to USB storage devices block

                      Hi,

                      sorry sir problem is still there,

                      I have sbs 2003 with SP-2, please help me. What I do for that ?

                      because Data theft is still going in my organization. and I am very confused regarding this issue.

                      I have applied all this thing again. but no positive response .

                      Thanks in advance.

                      Comment


                      • #12
                        Re: can't able to USB storage devices block

                        I did not say DENY WRITE, I said DENY READ...
                        Cheers,

                        Daniel Petri
                        Microsoft Most Valuable Professional - Active Directory Directory Services
                        MCSA/E, MCTS, MCITP, MCT

                        Comment


                        • #13
                          Re: can't able to USB storage devices block

                          Hi,

                          I have set read / read & excute permission as per your help.

                          but issue is still there.

                          Please give me some idea about that

                          Thanks in advance

                          Comment


                          • #14
                            Re: can't able to USB storage devices block

                            I have no idea why you found it necessary to post the SAME question in 2 different forums especially when you were getting answers from the first.

                            This thread will be merged with your other one and it shall be left open so others may contribute if they feel like it.

                            Irrespective of your reason for the double post, this is in direct violation of the Posting Rules and as such you are getting a 2 week ban for violating the rule.

                            Sorry Michael, Opened Thread when I merged them.
                            Last edited by biggles77; 6th September 2007, 17:10. Reason: Added info.
                            1 1 was a racehorse.
                            2 2 was 1 2.
                            1 1 1 1 race 1 day,
                            2 2 1 1 2

                            Comment


                            • #15
                              Re: block Usb storage

                              Hi,

                              Add your all computer in one group. and thats after give deny permmision on usbstore.sys as well as usbstore.inf on AD machine.



                              If problem is occured that first run "goupdate /force" after you have to Turn all your computers in workgroup an re-join to that domain.. to doing this group policy will apply on the spot.

                              I think it is enough for this Issue.

                              Comment

                              Working...
                              X