Restricting access on USB port

mailto

Hello all,

XP has a great feature: the plug & play technology. My problem is that I
don't want it on the 2500 stations I have to deploy. In fact, I want XP to
recognize and use only one kind of device, which is a USB secure token, and
to restrict access to any other devices which can be plugged in over USB.
I think I have to block ACLs on particular INF files but I'm not sure that
it would be an exhaustive job.
Any ideas?

Best regards
Stephane
 
"You can't manage USB devices using Group Policy in Windows 2000/XP, but you can disable the USB ports or use a 3rd party tool called SecureNT. When disabling USB ports, you'll need to make sure any peripherals in use (such as keyboards, mice, PDAs, and scanners) use legacy ports instead of USB ports. In most corporate networks, printers are assigned to specialized network print servers and may not be an issue. A more feasible compromise would be to only lock out desktops that have access to sensitive data, or are in areas accessible to the public. (i.e. a bank's branch office PCs should have USB ports disabled, but the secured corporate office is less of a risk.) SecureWave's SecureNT software allows businesses to control end-user access to I/O devices such as the floppy drive, Memory-sticks, PDAs, USB external storage, CD-ROM, serial and parallel ports, as well as many other Plug and Play devices".

USB Flash Drives: Useful Device or Security Threat?
http://www.labmice.net/articles/usbflashdrives.htm


--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

--------------------------------------------------------------------------------------------------------------


| Hello all,
|
| XP has a great feature: the plug & play technology. My problem is that I
| don't want it on the 2500 stations I have to deploy. In fact, I want XP to
| recognize and use only one kind of device, which is a USB secure token, and
| to restrict access to any other devices which can be plugged in over USB.
| I think I have to block ACLs on particular INF files but I'm not sure that
| it would be an exhaustive job.
| Any ideas?
|
| Best regards
| Stephane
 
Sorry, I should have said that I already knew the SecureNT product, which I have
to say is a great product. But it doesn't work (in its current version) on
standalone stations. The SecureNT client can work without its SecureNT server
but it has to be connected at least one time to it to run properly and I
cannot do it during the installation phase.
My first searches went to Devcon.exe (provided by MS) so that I can disable
USB but of course, my token can't work either...
Another solution might be to modify ACLs on the Usbstor.pnf and Usbstor.inf
files but I haven't tested it yet.

Stephane

PS: BTW, thanks for the link

"Carey Frisch [MVP]" <[email protected]> wrote in message
news: (e-mail address removed)...
"You can't manage USB devices using Group Policy in Windows 2000/XP, but you
can disable the USB ports or use a 3rd party tool called SecureNT. When
disabling USB ports, you'll need to make sure any peripherals in use (such
as keyboards, mice, PDAs, and scanners) use legacy ports instead of USB
ports. In most corporate networks, printers are assigned to specialized
network print servers and may not be an issue. A more feasible compromise
would be to only lock out desktops that have access to sensitive data, or
are in areas accessible to the public. (i.e. a bank's branch office PCs
should have USB ports disabled, but the secured corporate office is less of
a risk.) SecureWave's SecureNT software allows businesses to control
end-user access to I/O devices such as the floppy drive, Memory-sticks,
PDAs, USB external storage, CD-ROM, serial and parallel ports, as well as
many other Plug and Play devices".

USB Flash Drives: Useful Device or Security Threat?
http://www.labmice.net/articles/usbflashdrives.htm


--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

--------------------------------------------------------------------------------------------------------------


| Hello all,
|
| XP has a great feature: the plug & play technology. My problem is that I
| don't want it on the 2500 stations I have to deploy. In fact, I want XP to
| recognize and use only one kind of device, which is a USB secure token, and
| to restrict access to any other devices which can be plugged in over USB.
| I think I have to block ACLs on particular INF files but I'm not sure that
| it would be an exhaustive job.
| Any ideas?
|
| Best regards
| Stephane
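
The ACL idea from the last post, sketched as a batch script for a deployment step. This is an added example, not code posted by anyone in the thread; it assumes English account names (`SYSTEM`, `Users`) and the default XP paths. It only blocks the USB mass-storage driver that `Usbstor.inf` installs, so other USB device classes are not covered and the token's own driver is left alone.

```bat
@echo off
rem Added example, not from the thread. Run as a local administrator.
rem Scope: USB mass-storage driver (usbstor) only.
setlocal
set "INF=%SystemRoot%\Inf"
set "SVC=HKLM\SYSTEM\CurrentControlSet\Services\UsbStor"
rem Assumption: English account names. On a localized XP build, replace
rem "Users" with the local name of the built-in group.
set "DENY=SYSTEM Users"

rem Case 1: no USB storage device has been installed on this station yet.
rem Deny access to the driver's INF/PNF so Plug and Play cannot install it.
rem /E edits the existing ACL instead of replacing it, /D denies the account.
for %%F in (usbstor.inf usbstor.pnf) do (
    if exist "%INF%\%%F" (
        for %%A in (%DENY%) do cacls "%INF%\%%F" /E /D %%A >nul
    ) else (
        echo %%F not found in %INF%, skipping
    )
)

rem Case 2: the driver is already installed, so its service key exists.
rem Start=4 disables the service (3 is the default, manual start).
reg query "%SVC%" /v Start >nul 2>&1
if not errorlevel 1 (
    reg add "%SVC%" /v Start /t REG_DWORD /d 4 /f >nul
)

rem Print the resulting state so it can be captured in the deployment log.
if exist "%INF%\usbstor.inf" cacls "%INF%\usbstor.inf"
reg query "%SVC%" /v Start 2>nul
endlocal
```

Both cases are applied because a reference image may or may not have had a flash drive plugged in before it was captured.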
 