Answered by:
acess limited removable media by gpo

Question
Answers
-
deny group policy
https://support.microsoft.com/kb/816100?wa=wsignin1.0
instructions on applying the policy with pictures
http://prajwaldesai.com/how-to-disable-usb-devices-using-group-policy/
- Marked as answer by larrymthompson Tuesday, January 20, 2015 8:31 PM
All replies
-
yeh you can do this Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access - Deny all Access
use security filtering in conjunction or delegation\advanced and deny read access and apply group policy for administrators of that GPO
- Proposed as answer by Elaine JingModerator Monday, January 19, 2015 5:47 AM
-
Hi larrymthompson,
The setting provided by Alex works for your scenario, just one additional remind, it is not recommend to change the default domain policy.
You can create an OU which contains all the computers in the domain. And then link the group policy to this OU, and deny the administrators to apply this GPO. Regarding how to Deny All Access to Removable Devices or Media via group policy, you can check the below link for the details:
http://technet.microsoft.com/en-us/library/cc772540(v=ws.10).aspx
If you have any other questions, feel free to let me know.
Best Regards,
Elaine
- Edited by Elaine JingModerator Friday, January 16, 2015 9:46 AM CHANGE
-
Not sure why you would create an OU and add all the computers to that OU considering you can only be in one OU at a time and this wouldn't add to flexibility further down the line in fact Id stay well clear of this. I would just link to the domain NOT add to the default domain policy.
-
Alex,
Thank you for your reply. I did not consider moving the domain members into another OU due to my inability to determine whether I should move them into another OU or copy them. My problem is apparently lack of knowledge into how to apply a group policy. I did indeed set the template to deny all removable media, but it apparently has no effect (or not the effect I wished). Additionally how does one set up a policy to except administrators (I know it would be to deny the deny) but the actual practice. They are already in a group (Administrators) so how do I create a policy that would except them from the deny all (once it works).
Than you for your time.
Larry Thompson
-
deny group policy
https://support.microsoft.com/kb/816100?wa=wsignin1.0
instructions on applying the policy with pictures
http://prajwaldesai.com/how-to-disable-usb-devices-using-group-policy/
- Marked as answer by larrymthompson Tuesday, January 20, 2015 8:31 PM
-
-