Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
2008 r2 GPolicy Question

תשובה 2008 r2 GPolicy Question

  • Wednesday, November 21, 2012 10:44 AM
     
     
    Sign In to Vote
    0

    Dear Sirs,

    I have a Domain with 2008 r2 OS and Windows 7 Clients. I need to implement a scenario where all users can't write on usb drives EXCEPT some specific user accounts. 

    I was try to Open the Default domain Group Policy settings and then change the Computer Configuration\Policies\System\Removable Storage Access\ to Allow. With this Action ALL company wasn't able to write on USB Disks. But with this method i can't find a way to select a "whitelist"users so they can Write to usb drives.

    how this can establish ? 

    thank you

     

All Replies

  • Wednesday, November 21, 2012 11:04 AM
     
     
    Sign In to Vote
    0

    Hello, 

    Seems you are looking to restrict some users to use USB & write data in it.If so create a separate OU for deny and permitted users and set policy accordingly.

    So, I suggest you to see this thread and configure accordingly.

    Regards, Ravikumar P

     
  • Friday, November 23, 2012 9:15 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi,

    If you want to restrict users from using USB Drives via Group Policy, I suggest we could refer to the following article for detailed steps.

    Disable Adding USB Drive and Memory Sticks via Group Policy and Group Policy Preferences

    http://blogs.technet.com/b/danstolts/archive/2009/01/21/disable-adding-usb-drive-and-memory-sticks-via-group-policy-and-group-policy-preferences.aspx

    Since you only want to apply the policy setting to specific users in the domain, we could try to configure Security Filtering to limit the GPO applying scope. In addition, if you configure the Group Policy via GPP, we could also use Item-level Targeting to achieve the target. For details, please refer to the following articles.

    Security filtering using GPMC

    http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx

    Preference Item-Level Targeting

    http://technet.microsoft.com/en-us/library/cc733022.aspx

    Best Regards,

    Andy Qi

    Andy Qi
    TechNet Community Support

     
  • Friday, November 23, 2012 10:32 AM
     
     
    Sign In to Vote
    0

    Thank you for your answer. This answer refer only to domains 2003. This method also works for 2008 but i need something more simple. The way i described it is much easier but i cannot find how to apply it only to specific users. What is suggested? to create 2 seperate GPO ? One for allow users and one for Deny users? Or just create one GPO and assign it to Deny Users ?

     
  • Friday, November 23, 2012 12:16 PM
     
     Answered
    Sign In to Vote
    0

    Thank you for your answer. This answer refer only to domains 2003. This method also works for 2008 but i need something more simple. The way i described it is much easier but i cannot find how to apply it only to specific users. What is suggested? to create 2 seperate GPO ? One for allow users and one for Deny users? Or just create one GPO and assign it to Deny Users ?

    See this Blog http://www.grouppolicy.biz/tag/usb/. Here you can find all the info what you are looking for.The Author have been explained in different ways and also shared some of best practices.

    Note:Same blog details you can find in my previous post if you navigated it completely. Anyways sharing it with you again. Thanks :)

    Regards, Ravikumar P