Re: Secondary Storage Device Policy
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 12/09/04
- Previous message: jkowall: "Re: Secondary Storage Device Policy"
- In reply to: Tim Watkins: "Secondary Storage Device Policy"
- Next in thread: Laura A. Robinson: "RE: Secondary Storage Device Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 09 Dec 2004 12:51:53 -0800 To: Tim Watkins <watkinstj@iimef.usmc.mil>
Windows Tip #707: Control Block Storage Devices (aka: USB Flash Drives):
http://windows.about.com/library/tips/bltip707.htm
JSI Tip 8730. How can I prevent Windows XP users from writing to USB
storage devices?:
http://www.jsiinc.com/SUBR/tip8700/rh8730.htm
Controlling block storage devices on USB buses
What does controlling block storage devices on USB buses do?
This feature provides the ability to set a registry key that will
prevent write operations to USB block storage devices, such as memory
sticks. When this registry key is enabled, the devices function only as
read-only devices. You can implement this setting as part of a security
strategy to prevent users from transporting data using these devices.
Who does this feature apply to?
•
Users who do not want data to be written from their computer to a USB
storage device.
•
IT professionals who want to implement organization controls over the
use of USB block storage devices
What settings are added or changed in Windows XP Service Pack 2
Setting name Location Default value Possible values
*WriteProtect*
*HKEY_LOCAL_MACHINE\System\*
*CurrentControlSet\Control \StorageDevicePolicies*
DWORD=0
*0 - *Disabled
*1 -* Enabled
Top of page <#top>Top of page <#top>
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2otech.mspx
Tim Watkins wrote:
>I am currently developing a policy in a Microsoft environment on the use of Secondary Storage Devices. This is especially concerned with Thumb drives and ensuring that they do not compromise security between classified systems. Do any of you already have a policy in place? Additionally, is there a simple way of removing the drivers from a WinXP or 2000 environment so that these types of devices can not be installed via plug and play? I have played around with the idea of shutting down USB ports but there are just too may other things (mice, keyboards, cac readers) that use them. If there was a way to know (event viewer perhaps) or other means when one was attached, it would also help.
>
>
>
>Tim Watkins
>
>---------------------------------------------------------------------------
>---------------------------------------------------------------------------
>
>
>
>
-- An open letter to Steve Ballmer:: http://msmvps.com/bradley/archive/2004/12/06/22637.aspx --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: jkowall: "Re: Secondary Storage Device Policy"
- In reply to: Tim Watkins: "Secondary Storage Device Policy"
- Next in thread: Laura A. Robinson: "RE: Secondary Storage Device Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
