USB pen drive password program requires "allowed to eject removable NTFS media" right



We are having some problems with a customised model of a USB Flash pen

The initial model we had consisted of a floppy partition and removable
disk. This worked fine and all users (inc. standard users) could run
the security program (that ran from the floppy partition) which opened
up the removable disk partition for access.

Now with the customised version it consists of a small CDROM partition
(read-only) that contains the security program and the removable disk.
The security program (which has been modified by the manufacturers)
will now only work with admin rights.

They suggested changing the group policy "allowed to eject removable
NTFS media" under Computer Configuration > Windows Settings >Security
Settings >Local Policies >Security Options.

I tried this on a test domain changing from "not defined" to allow
"Administrators and Interactive Users" and this resolved the issue.

But I am stumped as to why? The Users could already eject/remove the
media; the issue is with running the password program.

The original pen drive did not require this right so the only things
that have changed are the security program and the move to a CDROM
partition and removable disk.

Our users actually have power user rights, though the test domain I
used, they have user rights only.

Is anyone able to shed any light on this? Here's hoping
Many Thanks

Brian Desmond [MVP]


This is simply the way Windows recognizes the usb stick. Different models
show up differently. I wouldn't be leery of granting this right, I gave it
to my users for this reason. In reality, it doesn't matter whether you eject
the stick or not.

Brian Desmond
Windows Server MVP
(e-mail address removed)


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question