• General discussion

  • I am currently conducting a school project for a Local Area Network on security and auditing issues.  I would like to know if I.T. staff can have control and audit the employees if these connect any USBs/Portable hardrives on their client PCs and if they can transfer on their USBs/Portable hardrives data.  I would like to know if the I.T. staff can actually know who, what was transferred and times of transfer of files/folders, etc. and if yes how can one implement these settings.  Thanks in advance for your time and cooperation

    • Changed type Kevin Remde Friday, May 28, 2010 12:42 PM Very broad topic, and good discussion.
    Wednesday, May 26, 2010 1:59 PM

All replies

  • Clastronet,

    I don't know if you're going to find a way to audit to level of detail you're looking for.  It is possible in newer operating systems, and through policy (local or domain-based group policy) to lock down removable media and allow or deny the ability to write to it.  You also have BitLocker-to-Go in Windows 7 and Server 2008 R2, so you can enforce policy that requires removable media to be Bitlocker protected and encrypted if it's going to be used to transport files.  But as far as recording who copied what file where on a local system; I don't personally know. 

    Anyone else have a suggestion?

    Kevin Remde US IT Evangelism - Microsoft Corporation
    Friday, May 28, 2010 12:46 PM
  • There are various products out there that will do this. Symantec Endpoint Protection allows you to specify which devices a user can use and it can audit files written to USB.

    I use a solution called "Device Lock" which allows you much more control over which devices can be used, by whom and how. Then you can create reports on the use of those devices.

    Thursday, June 3, 2010 5:46 PM
  • I work for the Schools ICT and this is something we too had an issue with.  We opted for Sophos End-point security in the end and so far has been extremely useful for auditing, locking down and protecting the schools networks. Hope that helps. 
    Thursday, June 10, 2010 3:37 PM
  • Isn't there a way with event collecting to target specific USB events and at least track what\when a device was inserted? 

    I've been looking for guidance for a few days know on auditing Bitlocker-to-go but with little success.  Seems like there's little reporting within Bitlocker like there is, say, for AD:RMS.   Without Bitlocker, I have less of a compelling reason to move to the Enterprise edition.   

    I'm really curious how Microsoft audits removable devices ??  Or, anyone else for that matter.  Anyone?


    Jason Yates
    Wednesday, November 3, 2010 9:11 PM