2008 r2 GPolicy Question

    Question

  • Dear Sirs,

    I have a domain with 2008 R2 OS and Windows 7 clients. I need to implement a scenario where all users can't write on USB drives EXCEPT some specific user accounts.

    I tried to open the Default Domain Group Policy settings and then change Computer Configuration\Policies\System\Removable Storage Access\ to Allow. With this action the WHOLE company wasn't able to write on USB disks. But with this method I can't find a way to select "whitelist" users so they can write to USB drives.

    How can this be established?

    thank you

    Wednesday, November 21, 2012 10:44 AM

Answers

  • Thank you for your answer. This answer refers only to 2003 domains. This method also works for 2008 but I need something simpler. The way I described it is much easier but I cannot find how to apply it only to specific users. What is suggested? To create 2 separate GPOs? One for Allow users and one for Deny users? Or just create one GPO and assign it to Deny users?

    See this blog: http://www.grouppolicy.biz/tag/usb/. Here you can find all the info you are looking for. The author has explained it in different ways and also shared some best practices.

    Note: You can find the same blog details in my previous post if you navigated it completely. Anyway, sharing it with you again. Thanks :)


    Regards, Ravikumar P

    Friday, November 23, 2012 12:16 PM

All replies

  • Hello, 

    It seems you are looking to restrict some users from using USB and writing data to it. If so, create separate OUs for denied and permitted users and set the policy accordingly.

    So, I suggest you see this thread and configure accordingly.


    Regards, Ravikumar P

    Wednesday, November 21, 2012 11:04 AM
  • Hi,

    If you want to restrict users from using USB drives via Group Policy, I suggest we refer to the following article for detailed steps.

    Disable Adding USB Drive and Memory Sticks via Group Policy and Group Policy Preferences

    http://blogs.technet.com/b/danstolts/archive/2009/01/21/disable-adding-usb-drive-and-memory-sticks-via-group-policy-and-group-policy-preferences.aspx

    Since you only want to apply the policy setting to specific users in the domain, we could try to configure Security Filtering to limit the scope the GPO applies to. In addition, if you configure the Group Policy via GPP, we could also use Item-level Targeting to achieve the target. For details, please refer to the following articles.

    Security filtering using GPMC

    http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx

    Preference Item-Level Targeting

    http://technet.microsoft.com/en-us/library/cc733022.aspx

    Best Regards,

    Andy Qi


    Andy Qi
    TechNet Community Support

    Friday, November 23, 2012 9:15 AM
    Moderator
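
Added example, not part of any post in this thread: one way to script the Security Filtering approach described above with the GroupPolicy PowerShell module that ships with Server 2008 R2. It uses the User Configuration side of "Removable Disks: Deny write access", because a Computer Configuration setting applies to every user who logs on to the machine and cannot be filtered per user. The GPO name, the domain DN and the group `USB-Write-Restricted` (every account that must not write to USB, so the permitted accounts are simply left out of it) are assumptions.

```powershell
# Added example: run on a machine with GPMC installed, as a Group Policy admin.
Import-Module GroupPolicy

$gpoName    = 'USB - Deny Write (example)'   # hypothetical GPO name
$domainDn   = 'DC=example,DC=local'          # placeholder: replace with your domain DN
$restricted = 'USB-Write-Restricted'         # hypothetical group: users who must NOT write to USB

# Registry location behind "Removable Disks: Deny write access" (User Configuration).
# The GUID is the removable-disk device class used by the Removable Storage Access policies.
$key = 'HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\' +
       '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'

# 1. Create the GPO and enable the deny-write setting in its user half.
New-GPO -Name $gpoName | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $key -ValueName 'Deny_Write' `
    -Type DWord -Value 1 | Out-Null

# 2. Security Filtering: by default "Authenticated Users" has Read + Apply.
#    Downgrade it to Read only, so the GPO can still be read but is not applied
#    to everyone.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# 3. Only members of the restricted group get Apply, so only they lose write access.
Set-GPPermission -Name $gpoName -TargetName $restricted `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 4. Link at the domain root; filtering, not OU placement, decides who is affected.
New-GPLink -Name $gpoName -Target $domainDn -LinkEnabled Yes | Out-Null

# 5. Review the resulting filter before relying on it.
Get-GPPermissions -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

Verify on a client with `gpresult /r` as a restricted user and as a permitted user: the GPO should appear under applied objects for the first and under filtered-out objects for the second.
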
  • Thank you for your answer. This answer refers only to 2003 domains. This method also works for 2008 but I need something simpler. The way I described it is much easier but I cannot find how to apply it only to specific users. What is suggested? To create 2 separate GPOs? One for Allow users and one for Deny users? Or just create one GPO and assign it to Deny users?

    Friday, November 23, 2012 10:32 AM