Re: USB disable policy template problem
- From: "Jon Rowlan" <jon.rowlan@xxxxxxxx>
- Date: Wed, 20 Dec 2006 07:40:58 -0000
I was beginning to think that may be the best way Graham.
However, the links to resellers of that do not give me a clue as to the cost
of this software ... some of the approved resellers links don't work and
others link to sites that don't seem to mention the software at all.
How much is it approx. in your home currency?
Is this the software that was currently aquired by Microsoft btw ??
many thanks,
jON
"GrahamN" <u30337@uwe> wrote in message news:6afeb8043dede@xxxxxx
This template is not a real policy but a more a preference. By default
preferences are hidden from GP template Editior. To make them shown, you
need
to change view settings within Filtering. To unveil it
Open GPEditor by running gpedit.msc snap-in
Select Administrative Templates folder from there
Select View|Filtering command from the management console's menu bar to
open
Filtering dialog box;
Check Filter by Requirements information check box within the Filtering
dialog box;
Check the categories your want to display within Select the items to be
displayed listbox
Uncheck the Only show policy settings that can be fully managed checkbox
and
click OK to apply changes and close the dialog box.
Now you should see the preferences displayed on right panel of management
console.
To add administrative template you need to select Action|Add/Remove
Templates
command within the Group Policy Editor snap-in, choose the *.ADM file you
want to add to your Administrative Templates folder.
All that said, bear in mind that this template will tatoo your users'
registry with its settings because of it's nature. So if you'll remove it
from the GP, you will NOT remove settings made by it from clients.
Addionally,
the list of devices that can be locked by this template is pretty limited
to
USB, CD-ROM, Floppy and LS-120. When the first to really can present
itself a
serious treat for corporate security, the last pair is rarely used
nowadays.
From my point of view, Bluetooth, Blackberry and Wi-Fi devices are
representing much more 'dangerous' devices that can harm corporate
security.
Storage of portable devices today is enough to steal some data quick and
imperceptibly. After the some troublesome happend to us we at our company
decided to take this more seriously. We decided to purchase USB & Ports
Security option for Scriptlogic's Desktop Authority (
http://www.scriptlogic.com/products/desktopauthority). It allows us to
implement various levels of internal security for different departments or
offices. Thus we disabled allready noted wireless devices, opened USB
sticks
and CD-ROMs for read-only access and leaved the access to PCMCIA devices
for
mobile group only.
Jon Rowlan wrote:
I have downloaded the Microsoft provided USB/Floppy/CDROM disable policy
template (ADM) file.
I am using GPMC but canot seem to get the settings to apply to a group
policy linked to the domain.
These are preference type policies ... does that make a difference?
I want, for example, to disable the USB storage for certain user group but
allow for others. Failing that I'd like to disable the device completely
for
all users if thats the best I can achieve.
But I don't seem to be able to find where to apply these settings so that
the actually get applied to WXP SP2 workstations.
jON
.
- References:
- USB disable policy template problem
- From: Jon Rowlan
- Re: USB disable policy template problem
- From: GrahamN
- USB disable policy template problem
- Prev by Date: Re: Startup programs do not start on reboot *without* logging in.
- Next by Date: Re: Migrating Profiles on Same Computer
- Previous by thread: Re: USB disable policy template problem
- Next by thread: track employee time using logon & logoff
- Index(es):
Relevant Pages
|
|
