Controlling\restricting USB mass storage device
From: Aden (ayoung@shawstock.com.au)
Date: 04/04/03
- Next message: Eduard Koller [MS]: "Re: I Stand- Alone"
- Previous message: Ted Gauthier: "Can I programmatically get passwords for user names?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Aden" <ayoung@shawstock.com.au> Date: Thu, 3 Apr 2003 16:48:55 -0800
Any idea how to controll / restrict access to removable
media like the small USB mass storage / USB Flash Disks ???
Controlling access to removable media (Win2K) can be
easily set with:
HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
- AllocateFloppies
- AllocateCDRoms
- Allocatedasd
===> Why isn't there a AllocateUSBmassStorage or so ????
It appears that Windows2000 is shipped with all required
(USB mass storage)drivers for USB Flash Disks. Even in a
tightly restricted Win2K+SP3 client setup every domain
user can will have access to the USB memory (no
administrator or power user priveliges required
to "install" this kind of driver): After plug-in of the
device the driver will be installed and the first
available drive letter will be assigned to the USB mass
storage device.
We would like to restrict access to these drives
(preferable not just hiding them), like we restrict floppy
and cdrom drives, since this (in our case)is a SECURITY
issue. Are we overlooking something, or is this a bug in
the "Allocate_Floppies/CDRoms/DASD" policies as mentioned
above ???
Simply disabeling the (f.i.) USBSTOR.SYS would not work,
since it is required when using USB mouses/keyboards.
Disabling USB on system BIOS level isnt really an option
either.
- Next message: Eduard Koller [MS]: "Re: I Stand- Alone"
- Previous message: Ted Gauthier: "Can I programmatically get passwords for user names?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
