RE: Disabling USB mass storage
From: Miroslaw Slawek Chorazy (mchorazy_at_depaul.edu)
Date: 03/04/05
- Previous message: Murad Talukdar: "computer account password...."
- Maybe in reply to: Martin a Marika TYDOROVCI: "Disabling USB mass storage"
- Next in thread: Free, Bob: "RE: Disabling USB mass storage"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 04 Mar 2005 11:02:39 -0600 To: <shay@communitysavings.ca>, <focus-ms@securityfocus.com>
>Anyone have any experience with locking these down using GPO?
yes, if you enable
if you use a combination of non-administrative rights, altering where
windows looks for drivers when new device is detected and disabling
unsigned drivers from install by default then what you will get is
plugandplay will get stuck actually loading the driver necessary and so
your desired effect will occur but how are you going to be able to tell
what is legitimate use vs. abuse?
slawek
>>> Steven Hay <shay@communitysavings.ca> 3/3/2005 14:52 >>>
Good topic question, one we're having issues with as well, but with XP
SP1.
We want to disable any removable drives from working on our 400+
workstations without having to visit each one.
I tried denying access to usbstor.sys in the GPO, and confirmed that
the
policy was applied to our test system. But it seems like the system
privliges override the GPO rights (I'm guessing) as the removable
drive
letter pops up and is usable when a USB drive is connected.
Anyone have any experience with locking these down using GPO?
Steve
-----Original Message-----
From: Moser, Scott [mailto:scott.moser@smead.com]
Sent: March 3, 2005 12:40 PM
To: Martin a Marika TYDOROVCI; focus-ms@securityfocus.com
Subject: RE: Disabling USB mass storage
Create new key
HKLM\System\CurrentControlSet\Control\StorageDevicePolicies
and then create REG_DWORD called WriteProtect and set to 1. This will
prevent write only (not read) in XP SP2 only.
-----Original Message-----
From: Martin a Marika TYDOROVCI [mailto:tydy@szm.sk]
Sent: Wednesday, March 02, 2005 2:10 PM
To: focus-ms@securityfocus.com
Subject: Disabling USB mass storage
Hi list,
Does anyone knows a way to disable USB mass storage device in Win XP?
I
need to disable using devices such as USB flash drive, card readers,
etc.
Regards
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- --------------------------------------------------------------------------- Please note that Internet email is not always private, secure or reliable. The sender accepts no liability for any damages caused by any virus inadvertently transmitted with this email. Any opinion expressed in this email is solely that of the author, unless clearly indicated otherwise. This email, and any attachments, may contain confidential and/or proprietary information that is intended only for use by the addressee. If you are not the intended recipient, any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please delete the email and advise the sender of the delivery error. --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Murad Talukdar: "computer account password...."
- Maybe in reply to: Martin a Marika TYDOROVCI: "Disabling USB mass storage"
- Next in thread: Free, Bob: "RE: Disabling USB mass storage"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
