Global Policy to disable FDD & USB not working

below is the adm template i have created to disable Floppy & USB to few users
on the network.

I have created three security group Disable_FDD (where all users floppy
Drive is disabled), Disable_All (where USB & Floppy is disabled),
Disable_NONE(This group has everything enabled).

right clicking the Active directory ----> properties---->group policy---> i
created 2 policy Kill_floppy & Kill_All.

Then I
1) Right clicked the Kill_floppy policy and choose "Security"
2) Remove the check at "Authenticated Users"
3) "Add" the two new Disable_FDD, Disable_NONE Groups
4) Check "Apply" for Disable_FDD
5) Check "Deny" for Disable_NONE

Similarly i did for the Kill_All policy.

1) Right clicked the Kill_ALL policy and choose "Security"
2) Remove the check at "Authenticated Users"
3) "Add" the two new Disable_ALL, Disable_NONE Groups
4) Check "Apply" for Disable_ALL
5) Check "Deny" for Disable_NONE

In each Policy I imported the respective adm file

After this at the user end. the floppy and USB are not getting disabled,
unless i tick the allow policy option for authenticated users. In this way
all the users are applied with the policy and i could not control the group
of users.

Secondly i have to restart the window twice before the policy is applied.

please help me in this

regards

shoeb
------------------------------------------------
KILL FLOPPY
------------------------------------------------
CLASS MACHINE

CATEGORY !!categoryname

POLICY !!policyname

KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"

EXPLAIN !!explaintext

PART !!labeltext DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

END CATEGORY


[strings]
categoryname="Restrict Drives"
policyname="Disable the Floppy Drive"
explaintext="Disables the computers Floppy Drive completely"
labeltext="Disable Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"

---------------------------------------------------------------
KILL USB
---------------------------------------------------------------

CLASS MACHINE

CATEGORY !!categoryname

POLICY !!policyname

KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"

EXPLAIN !!explaintext

PART !!labeltext DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

END CATEGORY


[strings]
categoryname="Restrict Drives"
policyname="Disable the USB Drive"
explaintext="Disables the computers USB Drive completely"
labeltext="Disable USB Drive"
Enabled="Enabled"
Disabled="Disabled"
.

Relevant Pages

  • Re: USB Floppy drive
    ... I researched the DOMINATOR External USB Floppy Drive ... simple USB devices, like flash drives. ... instructions do not say to load drivers off the CD for XP systems. ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: How to disable all floppy drives on the network
    ... How to disable all floppy drives on the network ... If you can disable the "Floppy Disk" driver through a policy, ... Note that disabling the floppy driver doesn't prevent people from sticking ...
    (Focus-Microsoft)
  • Re: Yee-Haa!! 5.25-inch USB floppy!
    ... a 5.25" floppy to USB interface. ... I need to be able to move a floppy drive between many machines ... Box with N many drives, likely two to satisfy the various drive ... the firmware needs to handle all possible FDC formats. ...
    (comp.os.cpm)
  • Re: Yee-Haa!! 5.25-inch USB floppy!
    ... The horrible fact of life is that current PCs FDC and floppy are ... fit with 4GB thumb drives and the like. ... When does USB go poof like the floppy? ... My choice would be to find some system to copy all the disks over ...
    (comp.os.cpm)
  • Re: Prevent BlueTooth USB access
    ... > Is it possible to block users from connecting USB devices using GPO. ... > created a GPO to hide drives for usb storage (DOS prompt blocked so not ... POLICY!!policynameusb ... policynamels120="Disable High Capacity Floppy" ...
    (microsoft.public.win2000.group_policy)