RE: Secondary Storage Device Policy

From: Laura A. Robinson (laurarobinson_at_verizon.net)
Date: 12/10/04

  • Next message: Bruno Jänes: "iisadmpwd/UPN" 
    To: "'Tim Watkins'" <watkinstj@iimef.usmc.mil>, <focus-ms@securityfocus.com>
Date: Thu, 9 Dec 2004 22:23:02 -0500

    You can do it with XPSP2:

    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2otech.mspx
    #ECAA

    Otherwise, in most cases, you're looking at a more global disabling of USB,
    which is, of course, not what you're seeking.

    Laura

    > -----Original Message-----
    > From: Tim Watkins [mailto:watkinstj@iimef.usmc.mil]
    > Sent: Thursday, December 09, 2004 1:01 PM
    > To: focus-ms@securityfocus.com
    > Subject: Secondary Storage Device Policy
    >
    >
    >
    > I am currently developing a policy in a Microsoft environment
    > on the use of Secondary Storage Devices. This is especially
    > concerned with Thumb drives and ensuring that they do not
    > compromise security between classified systems. Do any of
    > you already have a policy in place? Additionally, is there a
    > simple way of removing the drivers from a WinXP or 2000
    > environment so that these types of devices can not be
    > installed via plug and play? I have played around with the
    > idea of shutting down USB ports but there are just too may
    > other things (mice, keyboards, cac readers) that use them.
    > If there was a way to know (event viewer perhaps) or other
    > means when one was attached, it would also help.
    >
    >
    >
    > Tim Watkins
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > -------------
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Bruno Jänes: "iisadmpwd/UPN"

    Relevant Pages

    • Re: Prevent BlueTooth USB access
      ... > Is it possible to block users from connecting USB devices using GPO. ... > created a GPO to hide drives for usb storage (DOS prompt blocked so not ... POLICY!!policynameusb ... policynamels120="Disable High Capacity Floppy" ...
      (microsoft.public.win2000.group_policy)
    • Re: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses
      ... Disable USB storage via group policy or through ... environment only allows signed scripts to execute): ... // why let anything to execute from root of fixed drives. ...
      (Full-Disclosure)
    • HAL and KDE mounting USB drives
      ... devices, especially USB drives, are not auto-run. ... both flash sticks and actual disk drives on both USB and FireWire. ... I've also confirmed that my policy options are getting set -- ...
      (Debian-User)
    • Global Policy to disable FDD & USB not working
      ... I have created three security group Disable_FDD (where all users floppy ... Drive is disabled), Disable_All (where USB & Floppy is disabled), ... Right clicked the Kill_floppy policy and choose "Security" ... categoryname="Restrict Drives" ...
      (microsoft.public.windows.server.active_directory)
    • RE: Restrict USB Devices.
      ... I didn't test with USB printers. ... POLICY!!policynameusb ... policynamels120="Disable High Capacity Floppy" ... explaintextcd="Disables the computers CD-ROM Drive by disabling the ...
      (microsoft.public.windows.server.active_directory)