Announcement

Collapse
No announcement yet.

Deny write access to USB mass storage devices - possible?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Deny write access to USB mass storage devices - possible?

    Hey
    huge ask, and not %100 if possible
    i know there are policies to disable users from CDRW DVDRW etc
    but what i am after, as its of huge importance to my workplace,
    is there a way to disable USB mass storgage devices, preferably with read access only and no write, or if not, just have them disable completely, things like ipods, USB drives etc,

    all help appreciated
    this is on a windows 2003 domain with XP and few 2000 clients.

  • #2
    Re: Deny write access to USB mass storage devices - possible?

    is this where you looking for?

    http://forums.petri.com/showthread.php?t=3299
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Deny write access to USB mass storage devices - possible?

      cool thanks for that,

      Still proving a bit a problem tho, to block removable media! and really dont want to go to 3rd party tools.

      Comment


      • #4
        Re: Deny write access to USB mass storage devices - possible?

        You could also try this approach:

        http://www.petri.com/configure_usb_d..._in_xp_sp2.htm
        Cheers,

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
        MCSA/E, MCTS, MCITP, MCT

        Comment


        • #5
          Re: Deny write access to USB mass storage devices - possible?

          Hrmm, cant seem to get that working , had to create the key, do you need to remove the string it creates with it? the REG-SZ.

          Just plugged in a USB Drive and it opened up, could read from it, and write. =[


          one more question, excuse me if its silly, whats the best way to push out registry changes via GPO? Have never done it.

          Thanks!

          edit: jsut realised i am not running SP2! will try again!
          Last edited by Maxwell Shivers; 19th October 2005, 03:41.

          Comment

          Working...
          X