RE: Restrict USB Devices.

I found this on the web when I was asked to do the same thing. Copy the text
below into a .adm file and import into your GPO. It also has options to
disable floppy and CD

-----------------------------------------

CLASS MACHINE
CATEGORY !!category
CATEGORY !!categoryname
POLICY !!policynameusb
KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
EXPLAIN !!explaintextusb
PART !!labeltextusb DROPDOWNLIST REQUIRED

VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
POLICY !!policynamecd
KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
EXPLAIN !!explaintextcd
PART !!labeltextcd DROPDOWNLIST REQUIRED

VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 1 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
POLICY !!policynameflpy
KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
EXPLAIN !!explaintextflpy
PART !!labeltextflpy DROPDOWNLIST REQUIRED

VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
POLICY !!policynamels120
KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
EXPLAIN !!explaintextls120
PART !!labeltextls120 DROPDOWNLIST REQUIRED

VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
END CATEGORY
END CATEGORY

[strings]
category="Custom Policy Settings"
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
policynamels120="Disable High Capacity Floppy"
explaintextusb="Disables the computers USB ports by disabling the
usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the
cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the
flpydisk.sys driver"
explaintextls120="Disables the computers High Capacity Floppy Drive by
disabling the sfloppy.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
labeltextls120="Disable High Capacity Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"

---------------------------

HTH

Irv

"Kiran Kumar" wrote:

Hi,
I would like restrict USB Drives on all clients, I know that there are some
third party tools which do this. But i would like to do it with AD. Any ideas.

Regards

--
All is well when u''''r mind is well
.

Relevant Pages

  • RE: How to disable all floppy drives on the network
    ... How to disable all floppy drives on the network ... If you can disable the "Floppy Disk" driver through a policy, ... Note that disabling the floppy driver doesn't prevent people from ...
    (Focus-Microsoft)
  • Re: Restriction of External Drives through GPO
    ... I have searched in google and got the following .adm file. ... POLICY!!policynameusb ... policynamels120="Disable High Capacity Floppy" ... explaintextcd="Disables the computers CD-ROM Drive by disabling the ...
    (microsoft.public.windows.server.active_directory)
  • Re: USB Storage
    ... > ADM template from Simon Geary here, that can do this by disabling the ... POLICY!!policynameusb ... policynamels120="Disable High Capacity Floppy" ... usbstor.sys driver" ...
    (microsoft.public.windows.group_policy)
  • RE: Restrict USB Devices.
    ... I didn't test with USB printers. ... POLICY!!policynameusb ... policynamels120="Disable High Capacity Floppy" ... explaintextcd="Disables the computers CD-ROM Drive by disabling the ...
    (microsoft.public.windows.server.active_directory)
  • Re: USB
    ... I have an ADM template that can do this by disabling the associated drivers, ... END POLICY ... policynamels120="Disable High Capacity Floppy" ... usbstor.sys driver" ...
    (microsoft.public.windows.group_policy)