Disable USB drives for specific users
Hi
I need to prevent a small group of students from using USB drives but allow them for everybody else. Clients are XP pro on Server 2003 domain. http://support.microsoft.com/default.aspx/kb/555324 explains how to disable USB drives but this only seems to work if I apply the policy to the OU containing my computers. This doesn't work for me as I have different students using the same computers, but only want the use of USB drives to be disabled when certain students logon.
Any ideas?
Thanks
Jason
답변
- Hi
We can certainly Disable USB usage on all computers or for a group of people
1) we need to create a GPO for this or add in existing GPO to target machines. Following registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
Needs to be added to file system control in GPO & give Deny to all. This will disable this registry entry on all machines which will recieve this settings.
This registry stores the driver info for USB device, if this location is disabled usb driver will not load for any external USB device.
2) we can use GPO filtering for deploying this policy only on a group of users wherever they login in domain. To perform this Add these users in security filtering of GPO & assign Apply gpo right, do Not assign to authenticated users if u want to specify for some users.
I have tested & deployed this solution in production environments.
Thanks- 답변으로 표시됨Mervyn ZhangMSFT, 중재자2009년 7월 10일 금요일 오전 1:30
모든 응답
- Hello,
use this way and configure access for a specific domain user group with the needed accounts:
http://support.microsoft.com/kb/823732
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. - Thanks for the prompt response.
I did come across this article. The first part "If a USB storage device is not already installed on the computer" would be of some help but a lot of the students have previously connected the devices. The trouble is the second part "If a USB storage device is already installed on the computer" involves changing a registry key in HKEY_LOCAL_MACHINE which will then prevent any subsequent user that logs on from using a USB drive.
Thanks
Jason - Hi Jason,
As far as I know, we could not prevent a computer group policy from applying when certain user/group logs on or computer configuration applys only to certain users.
Computer-related Group Policy (or computer configuration) is applied when the operating system initializes and during the periodic refresh cycle. In general, computer policy takes precedence over conflicting user policy. Thus, it is not possible to configure a computer configuration, such as the Hardware policy, to apply to specific users.
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights. - Hi
We can certainly Disable USB usage on all computers or for a group of people
1) we need to create a GPO for this or add in existing GPO to target machines. Following registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
Needs to be added to file system control in GPO & give Deny to all. This will disable this registry entry on all machines which will recieve this settings.
This registry stores the driver info for USB device, if this location is disabled usb driver will not load for any external USB device.
2) we can use GPO filtering for deploying this policy only on a group of users wherever they login in domain. To perform this Add these users in security filtering of GPO & assign Apply gpo right, do Not assign to authenticated users if u want to specify for some users.
I have tested & deployed this solution in production environments.
Thanks- 답변으로 표시됨Mervyn ZhangMSFT, 중재자2009년 7월 10일 금요일 오전 1:30
- Hi Jason,
Could you please confirm whether Nitesh’s suggestion resolves your problem.
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
