none
usb devices "white list"

    Question

  • Hello,

    our company goes to ISO sertificate, so we need make some security improvements in our AD.

    We have mixed AD computers - windows7pro and 8.1pro. DC runs on Server 2008. There is ~ 80PC

    We need to restrict users to access USB devices, except "aproved" ones.

    I can make a list of aproved devices (lets say "white list")  in GPOM by hardware IDS (on new added PCs its work prefect).

    Problem:

    can i somehow restrict usb devices which was already plugged (and installed) in some old PCs (i don't know, it was or not)

    and force PCs to use only ones from "white list"?

    thanks for suggestions and directions.

    ps. sry for my english.

    Sunday, November 06, 2016 1:52 PM

All replies

  • Hi todazLT,

    >>can i somehow restrict usb devices which was already plugged (and installed) in some old PCs (i don't know, it was or not)

    Please refer to the following GPO settings, under computer configuration, configuring the related settings, manually update the policies on these clients, usinggpupdate /force, detailed location, please check the figure below:

    Note: You need to configure these two settings on DC.

    Best regards,

    Andy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 07, 2016 5:51 AM
    Moderator
  • OK.

    I will try it.

    Thanks.

    Monday, November 07, 2016 9:39 AM
  • You're welcome!

    If you have any updates or need more assistances, welcome feedback here.

    Have a nice day!

    Best regards,

    Andy


    .


    Monday, November 07, 2016 9:54 AM
    Moderator