none
Disable USB Drives GPO

    Question

  • Hello,

    I have a GPO set and linked to my AD domain to disable USB drives when they connect. The policy has the following settings enabled.

    Removable Disks: Deny read access

    Removable Disks: Deny write access

    WPD Devices: Deny read access

    WPD Devices: Deny write access

    However, when I test users are always able to connect and use the USB drives. Is there anything else that needs to be configured before the policy works correctly?

    Thanks in advance,

    Thursday, March 26, 2015 4:26 PM

Answers

  • I was able to get everything working after the gpresult /v showed that the gpo filtering was 'Not Applied (Empty)'. I checked and it wasn't linked to the right OU. Thanks for the help. Everything's working now.
    Tuesday, March 31, 2015 12:30 PM

All replies

  • Servers an clients versions?

    You wouldn't demand your Doctor a therapy just because you told him "I don't feel very well"
    You wouldn't expect your accountant to know how much your taxes are just because you told him "I have earned some money"
    Do not expect any IT Pro to suggest you a solution just because you said "It doesn't work"

    Thursday, March 26, 2015 4:33 PM
  • Sorry. The servers are a mix of 2003 and 2007, mostly 2007. The clients are 99% Windows 7 with a couple of XP machines. The GPO was configured on a 2007 DC and testing is being done on the Windows 7 clients.
    Thursday, March 26, 2015 6:37 PM
  • You mean server 2008 I guess. And the problem occurs on both XP and 7 ?

    You wouldn't demand your Doctor a therapy just because you told him "I don't feel very well"
    You wouldn't expect your accountant to know how much your taxes are just because you told him "I have earned some money"
    Do not expect any IT Pro to suggest you a solution just because you said "It doesn't work"

    Thursday, March 26, 2015 6:40 PM
  • Yes, server 2008 and yes it's occurring on XP and 7.
    Thursday, March 26, 2015 6:53 PM
  • can you post the output of

    gpresult /v

    from a client computer with a test user logged in


    You wouldn't demand your Doctor a therapy just because you told him "I don't feel very well"
    You wouldn't expect your accountant to know how much your taxes are just because you told him "I have earned some money"
    Do not expect any IT Pro to suggest you a solution just because you said "It doesn't work"

    Thursday, March 26, 2015 7:02 PM
  • Hi

    You may have a check if the group policy got applied or not just as aperelli just indicated above.

    Also you could try to configure your group policy setting like below:

    >>navigate to \Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access.

    >>enable the below setting: All Removable Storage Classes: Deny All Access.

    >>In the Command Prompt, type GPupdate /force

    This setting is a effective way to diasble the removable storage access.

    Best Regards,

    Elaine

     


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 27, 2015 6:12 AM
    Moderator
  • I was able to get everything working after the gpresult /v showed that the gpo filtering was 'Not Applied (Empty)'. I checked and it wasn't linked to the right OU. Thanks for the help. Everything's working now.
    Tuesday, March 31, 2015 12:30 PM