Announcement

Collapse
No announcement yet.

Domain level Group ploicy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain level Group ploicy

    Hi,

    I tried applying group policy for blocking usb for users. The group ploicy was applying successfully for windows 7 machine but didn't have any effect for windows xp machine.
    Also, the tcp/ip properties were disabled for windows xp machine after joining xp machines to domain. The domain contoller is running in windows 2008 server.

    Regards,
    Anish

  • #2
    Re: Domain level Group ploicy

    Check in your GPO which versions of Windows the policy settings apply to.
    IIRC the change in blocking USB devices came with Vista so this is probably expected behaviour

    Can you tell us exactly what GPO settings you have changed to block USBs

    For the TCP/IP settings, run a RSoP
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Domain level Group ploicy

      Thanks, The policy for blocking usb devices requires at least windows vista as mentioned there.

      But what will organisation do if they have most of the computers running windows xp machine. Is there any other way to block usb in windows xp machines?

      USB Block - Computer Configuration-->Policies-->Administrative Templates-->System-->Removable Storage Access

      Regards,
      Anishk


      Originally posted by Ossian View Post
      Check in your GPO which versions of Windows the policy settings apply to.
      IIRC the change in blocking USB devices came with Vista so this is probably expected behaviour

      Can you tell us exactly what GPO settings you have changed to block USBs

      For the TCP/IP settings, run a RSoP

      Comment


      • #4
        Re: Domain level Group ploicy

        There is a very helpful, but little known, website called which helps you answer questions like that. Using a suitable search phrase e.g. "Group Policy Block USB in Windows XP" gives hundreds of thousands of links to likely solutions:
        https://www.google.co.uk/search?q=Gr...bqGIajPaeGgIAN

        There are third party tools to do it, or you can start tweaking clients via your policy.

        A word of warning (from bitter experience): It is possible to go "a tweak too far" and lose access to all USB devices, which can be very embarrassing when the Keyboard and Mouse are included!
        Last edited by Ossian; 1st April 2013, 07:25.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment

        Working...
        X