Re: Blocking access to USB flash drives/external firewire devices

Here are some resources, but note these can be bypassed if I want to.

HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120
drivers
http://support.microsoft.com/default.aspx?scid=kb;en-us;555324

How to disable the use of USB storage devices
http://support.microsoft.com/default.aspx?scid=kb;en-us;823732

To bypass these policies all one would have to do is e.g. boot into
alternative operating system (even from CD). Not even 3rd party tools won't
prevent that.

--
Mike
Microsoft MVP - Windows Security

"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:Oc96vitkFHA.2852@xxxxxxxxxxxxxxxxxxxxxxx
> What are you trying to protect here?
>
> If you are afraid that I will steal your data I can find so many more ways
> to do it (e.g. LPT port, PS2 port, ...). Will you disable those too?
> Do users have access to the internet? If yes, they can open up Gmail
> account and upload up to 2GB of data (this is only one service)...
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Marc Hoffman" <mhoffman@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:BF0D3AD6.B88E%mhoffman@xxxxxxxxxxxxxxxxxxxxxxxxxx
>> I've been looking and looking for a way to block access to USB/firewire
>> external devices via group policy, as these devices can be a big sucurity
>> risk. I know that there are several third party programs out there that
>> can
>> do this, but to be honest, I really do not like the idea of having to add
>> more software onto our users' workstations (as well as the servers).
>>
>> Thanks in advance.
>>
>> Marc
>>
>
>


.

Relevant Pages

  • Re: Login Interactively
    ... much indicate some systemic failure of domain infrastructure. ... Microsoft MVP (Windows Security) ... >> I just enabled group policy so that all of the machines would get ... >> If I reboot sometimes it will let them login. ...
    (microsoft.public.windows.server.security)
  • Re: Windows OneCare told me its firewall is off but I cant turn it on
    ... START | RUN | type GPEDIT & press ENTER ... Look in there for the said group policy if you have permission ... firewall but when I go to the Windows security center it will not let me do ... anything with the firewall settings. ...
    (microsoft.public.windowsxp.general)
  • Re: Disabling USB ports and external disk drives
    ... > disk drives with Active Directory policies? ... there's no group policy available to disable USB, ... perhaps system or domain admin rights to the following key ...
    (microsoft.public.win2000.hardware)
  • Re: Disabling USB ports and external disk drives
    ... >> disk drives with Active Directory policies? ... >there's no group policy available to disable USB, ... >perhaps system or domain admin rights to the following key ...
    (microsoft.public.win2000.hardware)
  • Re: GPMC RPC Error
    ... It appears that I had disabled the TCP Netbios Helper, although I am unsure ... why that would block access to Group Policy - when Active Directory was able ...
    (microsoft.public.windows.group_policy)