Re: USB disable policy template problem
- From: "GrahamN" <u30337@uwe>
- Date: Tue, 19 Dec 2006 13:26:31 GMT
This template is not a real policy but more a preference. By default,
preferences are hidden from the GP template Editor. To make them shown, you need
to change the view settings within Filtering. To unveil it:
1. Open GPEditor by running the gpedit.msc snap-in.
2. Select the Administrative Templates folder from there.
3. Select the View|Filtering command from the management console's menu bar to
   open the Filtering dialog box.
4. Check the Filter by Requirements information check box within the Filtering
   dialog box.
5. Check the categories you want to display within the Select the items to be
   displayed listbox.
6. Uncheck the Only show policy settings that can be fully managed checkbox and
   click OK to apply changes and close the dialog box.
Now you should see the preferences displayed on the right panel of the
management console.
To add an administrative template, you need to select the Action|Add/Remove
Templates command within the Group Policy Editor snap-in and choose the *.ADM
file you want to add to your Administrative Templates folder.
All that said, bear in mind that this template will tattoo your users'
registry with its settings because of its nature. So if you remove it
from the GP, you will NOT remove the settings made by it from clients.
Additionally, the list of devices that can be locked by this template is pretty
limited: USB, CD-ROM, Floppy and LS-120. While the first two really can present
a serious threat to corporate security, the last pair is rarely used nowadays.
From my point of view, Bluetooth, Blackberry and Wi-Fi devices represent much
more 'dangerous' devices that can harm corporate security.
Storage of portable devices today is enough to steal some data quickly and
imperceptibly. After some trouble happened to us, we at our company
decided to take this more seriously. We decided to purchase the USB & Ports
Security option for Scriptlogic's Desktop Authority
(http://www.scriptlogic.com/products/desktopauthority). It allows us to
implement various levels of internal security for different departments or
offices. Thus we disabled the already noted wireless devices, opened USB sticks
and CD-ROMs for read-only access and left access to PCMCIA devices for the
mobile group only.
Jon Rowlan wrote:
I have downloaded the Microsoft provided USB/Floppy/CDROM disable policy
template (ADM) file.
I am using GPMC but cannot seem to get the settings to apply to a group
policy linked to the domain.
These are preference type policies ... does that make a difference?
I want, for example, to disable the USB storage for certain user group but
allow for others. Failing that I'd like to disable the device completely for
all users if that's the best I can achieve.
But I don't seem to be able to find where to apply these settings so that
they actually get applied to WXP SP2 workstations.
jON
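
The tattooing caveat in the reply above can be checked on a client after the GPO has been unlinked. The following is an added example, not part of the original posts or of the Microsoft template: it assumes the template disables a device class by setting the driver service's Start value to 4, and the service names and baseline Start values are assumptions to adjust against the ADM file actually imported.

```powershell
# Added example: find device-disable settings that stay behind ("tattoo")
# after a preference-style ADM template is removed from Group Policy.
# ASSUMPTION: the template works by writing Start = 4 (disabled) under
# HKLM\SYSTEM\CurrentControlSet\Services\<driver>. The driver names and
# baseline values below are assumed defaults; confirm them in your ADM file.
$Baseline = @{
    'USBSTOR'  = 3   # USB mass storage driver
    'Cdrom'    = 1   # CD-ROM class driver
    'Flpydisk' = 3   # floppy disk driver
    'Sfloppy'  = 3   # high-capacity floppy (LS-120) driver
}

function Get-DeviceDriverState {
    param(
        [hashtable]$Expected,
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $key   = Join-Path $Root $name
        $start = $null
        if (Test-Path $key) {
            # Returns nothing (so $start stays $null) if the value is missing
            $start = (Get-ItemProperty -Path $key -Name Start `
                        -ErrorAction SilentlyContinue).Start
        }
        $state = if ($null -eq $start)               { 'NotPresent' }
                 elseif ($start -eq 4)               { 'Disabled'   }
                 elseif ($start -eq $Expected[$name]) { 'Baseline'   }
                 else                                { 'Modified'   }
        [pscustomobject]@{
            Driver   = $name
            Start    = $start
            Expected = $Expected[$name]
            State    = $state
        }
    }
}

# On a machine where the GPO no longer applies, any row still reported as
# 'Disabled' is a leftover setting that must be reverted explicitly.
Get-DeviceDriverState -Expected $Baseline | Format-Table -AutoSize
```

Because the values are not removed when the template is, reverting means pushing the opposite setting through the same template (or a script) before unlinking it.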