none
WPD Devices: Deny read access user policy

    Question

  • Hi All,

    I have configured the following settings on my main group policy (user policy) and it has linked to my domain. 

    All Removable Storage classes: Deny all access Enabled  
    WPD Devices: Deny read access Enabled  
    WPD Devices: Deny write access Enabled 

    and in one of my sub ou GPO I have configured as "WPD Devices: Deny read access Enabled" (computer policy). when I checked with one user I found found that this user can access USB. there is no other configuration I made on this OU. as per above domain policy I have disabled All Removable Storage classes (mentioned above). then how it comes open ?. I just tried one more thing that is when I change WPD Devices: Deny read access in sub OU as Not-configured then USB will be denied. 

    I coudnt find any referrals in online regarding this.. can anyone suggest why it is happening ??

    Tuesday, April 28, 2015 4:13 PM

All replies

  • Hi,

    >>as per above domain policy I have disabled All Removable Storage classes (mentioned above). then how it comes open ?.

    Before going further, what's the operating system we are using? Based on the description, this seems a litter bit odd. Here, had we run gpupdate/force to immediately update the policy setting? Besides, we can follow the procedure below to further collect group policy result to check how policy settings were applied.

    1. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console.

    2. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper user in the wizard)

    3. Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.

    >>in one of my sub ou GPO I have configured as "WPD Devices: Deny read access Enabled" (computer policy).

    If we try to enable the setting back, will the user still be able to access USB?

    Best regards,
    Frank Shen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 30, 2015 2:51 AM
    Moderator
  • Hi,

    here the situation is on a usb disabled OUI have configured WPD Devices: Deny read access Enabled,  after enabling this option users are able to access usb. when set WPD Devices: Deny read access config as not configured the usb device disabled. why so ? 

    Friday, May 08, 2015 11:18 AM
  • Hi, Please find attached policy screenshot, please guide ,, In the domain policy - user policy I have configured following settings..

    All Removable Storage classes: Deny all access Enabled  
    WPD Devices: Deny read access Enabled  
    WPD Devices: Deny write access Enabled 

    and in the particular OU I have configured "WPD Devices: Deny read access Enabled  " settings. here my usb devices automatically getting open. once I change "WPD Devices: Deny read access" to not configured then usb will be denied .. pls guide how settings are working 

    Wednesday, June 10, 2015 4:40 AM
  • Hi,

          It seems that you have  added Root level and Sub OU level configuration for the same purpose,and what i am able to get is one is computer policy and the other is user policy.If the policy is configured at root level there isn't any need to add it in sub level if there ain't any changes.Try removing the sub level policy. Hope this may resolve ur issue.

       Have a nice day,

      Ken


    • Edited by Ken Sam Tuesday, June 30, 2015 3:21 PM
    Tuesday, June 30, 2015 3:19 PM