Custom policy to disable network access to removable media

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: Brendon B <BrendonB@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 18 Sep 2007 00:54:04 -0700

---

Hi everyone

We have a requirement to create a policy which disables network access to
CDROM and floppy drives on our servers.
Some research indicated that the registry keys which can do this are the
following:

Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms and
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies
respectively.

Manually changing these values to "1" has the desired effect.

I dont find an existing policy which can do this so I wrote the following
ADM file to cater for this:

*********************************************************
CLASS MACHINE

CATEGORY !!ServerBaseLine

POLICY !!DisableCDRom
EXPLAIN !!DisableCDRom_Explain
VALUENAME "AllocateCDRoms"
KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0

END POLICY

POLICY !!DisableFloppy
EXPLAIN !!DisableFloppy_Explain
VALUENAME "AllocateFloppies"
KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0

END POLICY

END CATEGORY
[strings]
DisableCDRom="Disable CDROM Drive"
DisableCDRom_Explain="Enable this to disable network use of the CDROM drive"
DisableFloppy="Disable Floppy Drive"
DisableFloppy_Explain ="Enable this to disable network use of the Floppy
drive"
ServerBaseLine="Server Baseline"
********************************************************

Importing this doesnt show the policy in the group policy snap in. It only
shows the category. If I change only the Key value to something else, you can
see the policies but obviously it wont work.

Am I doing something wrong? Some pointers please.

Thanks
.

---

• Follow-Ups:
  • Re: Custom policy to disable network access to removable media
    • From: Meinolf Weber

• Prev by Date: RE: IE7 GPO - setting home pages
• Next by Date: Re: Custom policy to disable network access to removable media
• Previous by thread: Re: Can i restart a lot of pc's
• Next by thread: Re: Custom policy to disable network access to removable media
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: How to disable all floppy drives on the network ... How to disable all floppy drives on the network ... If you can disable the "Floppy Disk" driver through a policy, ... Note that disabling the floppy driver doesn't prevent people from ... (Focus-Microsoft) Re: How to install an ADM file ... Simon Geary MVP developed a cool policy template to disable ... Floppy Disk drives and high capacity LS-120 floppy drives. ... explaintextcd="Disables the computers CD-ROM Drive by disabling the ... (microsoft.public.windows.group_policy) Re: How to install an ADM file ... Simon Geary MVP developed a cool policy template to disable ... Floppy Disk drives and high capacity LS-120 floppy drives. ... usbstor.sys driver" ... explaintextcd="Disables the computers CD-ROM Drive by disabling the ... (microsoft.public.windows.group_policy) Force Read-only on floppy drives ... I know how to disable floppy drives and CDRs entirely using the group ... policy, but is there a way to set read-only on floppy drives? ... (microsoft.public.windows.group_policy) Re: Registry Keys Changing overnight unexpectedly ... The registry keys that you are setting are same as if you would be changing ... If you change the settings in registry they will be ... changed back automatically by the policy when it is reapplied... ... Microsoft MVP - Windows Security ... (microsoft.public.windows.server.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.group_policy  > 2007-09