I read all the Q-articales and suggestions in the newsgroups but my request
is a little different.
All these options require tatooing the HKLM part of the registry (which I
don't mind doing) but I want to disable USBSTOR based on a group of users,
not computers. Is there a way to create a ADM and disable the USBSTOR under
the CLASS USER section instead of the CLASS MACHINE?
These users may move from computer to computer and I need these restrictions
to follow them and not stay at the computer.
http://support.microsoft.com/default...b;en-us;823732
http://support.microsoft.com/?kbid=555324
Here is what I was using for testing. This works perfectly but only for
groups of computers. Can this be done for groups of users?
CATEGORY !!MAIN
CATEGORY !!USB_FEATURES
POLICY !!SET_USBSTOR_START
#if version >= 4
SUPPORTED !!SUPPORTED_Win2k
#endif
KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
EXPLAIN !!USBSTOR_START_DETAILS
VALUENAME "START"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 3
END POLICY
Policy !!SET_USB_READONLY
#if version >= 4
SUPPORTED !!SUPPORTED_WindowsXPSP2
#endif
KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
EXPLAIN !!USB_READONLY_DETAILS
VALUENAME "WriteProtect"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
END CATEGORY
Similar Threads
