none
without providing access of mass storage,allow access of data card or local printer ,

    Question

  • Hello,

    Pls assist in exploring the possibility to allow access of data card or local printer  without providing access of mass storage.

     


    Balwan Singh

    Wednesday, March 25, 2015 5:25 AM

Answers

  • Hello Balwan Singh,

    You can use two methods on is using Administrative Template and the other is using Preferences, both are available within the GPO in Domain Controllers with 2008 and later.


    Option 1: Administrative Template.

    This setting can be configured either at Computer or User level.
    You need to go to:
    Computer or User Configuration\Policies\Administrative Templates\System\Removable Storage Access
    In here you can Enable the setting "Removable Disks: Deny read access" or 
    "Removable Disks: Deny write access" 
    Just be aware that this settings does not apply to a servers at a "User Configuration" level.


    Option 2: Preferences.

    This setting can be configured either at Computer or User level.
    You need to go to:
    Computer or User Configuration\Preferences\Control Panel\Devices
    In here you need to create a new item as follows:
    - Right click and select new --> Device
    - On General Tab you can select two "Action" options "Use this device (enable)" or "Do not use this device (disable)" in this case you should use the second option "
    Do not use this device (disable)"
    - On "Device class:" you can browse the devices attached to the computer from where you are configuring this GPO.
    In this list yo need to choose the "Universal Serial Bus controllers" node and among the options listed in here you should choose the "USB Mass Storage Device" which is the class used for USB drives.
    Remember that if you are configuring the GPO from a domain controller probably you do not see the 
    "USB Mass Storage Device" in the "Universal Serial Bus controllers" node since there does not exists a USB drive directly attached to your domain controller.
    You can workaround this by either connect a USB drive to your Domain Controller or connect with the Group Policy Management Console (GPMC.msc) from a workstation on which you can safely plug a USB drive just to be able to visualize it and configure your GPO.


    Related Info:
    Configure a Device Item
    https://technet.microsoft.com/en-us/library/cc771861.aspx?f=255&MSPPError=-2147217396

    I hope this info help you to reach yor goal. :D

    5ALU2 !

    Thursday, March 26, 2015 6:35 AM