M
Matthew Miller
It has come to my attention that normal users on my network can plug in and
use USB Flash Memory sticks with no problems what so ever.
This is a huge security risk for us, and it also violates our polices to
allow such activity. I cannot find how to disable this.
Current Settings: (Domain Group Policy) Computer Config\Windows
Settings\Security Settings\Local Policies\Security Options\
Devices: Allow to format and eject removable media = Administrators
Local Policies on client computers are default for same setting (which is
Administrators)
What else do I need to do? Going around and disabling all USB ports is not
a practical solution, our computers are spread to far apart to accomplish
anything that big.
Any changes you suggest, will they affect current users of USB mem sticks,
or only new users? We have 2 individuals with authorization to use a USB
mem stick who will need to continue to use a mem stick; but several who
currently use one, need all rights removed immediately! (2 users who need
to continue, one is a Power User, and one is a normal Domain User)
Thanks for any and all help
Matt
use USB Flash Memory sticks with no problems what so ever.
This is a huge security risk for us, and it also violates our polices to
allow such activity. I cannot find how to disable this.
Current Settings: (Domain Group Policy) Computer Config\Windows
Settings\Security Settings\Local Policies\Security Options\
Devices: Allow to format and eject removable media = Administrators
Local Policies on client computers are default for same setting (which is
Administrators)
What else do I need to do? Going around and disabling all USB ports is not
a practical solution, our computers are spread to far apart to accomplish
anything that big.
Any changes you suggest, will they affect current users of USB mem sticks,
or only new users? We have 2 individuals with authorization to use a USB
mem stick who will need to continue to use a mem stick; but several who
currently use one, need all rights removed immediately! (2 users who need
to continue, one is a Power User, and one is a normal Domain User)
Thanks for any and all help
Matt