Thursday, December 27, 2007

Using GPO to disable USB storage device

By default, Group Policy does not offer a facility to easily disable drives containing removable media (USB storage). However, Group Policy can be extended to use customised settings by applying an ADM template. The ADM template here allows an Administrator to disable the respective drivers of these devices, ensuring that they cannot be used.
  1. Create your ADM template (rename .txt to .adm).
  2. Import the administrative template using the GPO Editor.
  3. To show the custom template's settings, uncheck "Only show policy settings that can be fully managed" in the Filtering option.
  4. The Disable USB option appears, and you can control USB storage through the GPO.
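
The author's template is not reproduced on this page. As an added example (not the author's file), here is a minimal ADM template that exposes the USBSTOR driver's Start value as a machine policy. The category, policy and string names are assumptions; Start = 3 is the default value quoted in the comments below, and 4 marks the driver as disabled.

```adm
; Added example: minimal ADM template for the USBSTOR driver start type.
; Category, policy and string names are assumptions, not the author's originals.
CLASS MACHINE

CATEGORY !!CustomCategory
  POLICY !!DisableUsbStorage
    KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
    EXPLAIN !!DisableUsbStorage_Explain
    VALUENAME "Start"
    ; Policy set to Enabled  -> Start = 4 (driver disabled, USB storage does not load)
    VALUEON NUMERIC 4
    ; Policy set to Disabled -> Start = 3 (driver loads on demand, the default)
    VALUEOFF NUMERIC 3
  END POLICY
END CATEGORY

[strings]
CustomCategory="Custom Policy Settings"
DisableUsbStorage="Disable USB Storage"
DisableUsbStorage_Explain="Enabled: sets the USBSTOR driver Start value to 4 so USB mass storage devices do not load.\n\nDisabled: sets Start back to 3, the default."
```

The key lies outside the Policies registry branches, so the editor treats the setting as a preference (hence the filter change in step 3), and the value stays on the client after the GPO is unlinked until it is set back to 3. Because the template is CLASS MACHINE, the setting applies to computer objects in the GPO's scope, not to user accounts.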

6 comments:

Parvesh said...

If it is a success (coz I didn't test it yet) ... then the article/blog is fantastic and even doesn't need any further description .... thanks a lot /...

aspiresuresh said...

Sir,

I just tried in Win XP and Win 2003 Server, but it is not working.
Give any other suggestions plz

S. Suresh Kumar

Jay said...

You can have a look at 3rd party solutions that seem more flexible with this.
Some desktop management systems may include such functionality as well.

As we are in a big enterprise environment I'm thinking about the last way. I got some good recommendations of Desktop Authority by ScriptLogic that contains powerful USB and ports security features.

I think we'll migrate to this solution in the near future; it looks very promising.

Unknown said...

Using GPO to disable USB storage device:

I have followed the comments here and in various blogs on how to implement this. Whenever I test using my USB storage device, it doesn't get disabled. I am logging on to our domain as a user on a client computer. Is there anyone who can give me a step by step guide?

Mutua

EC said...

You should choose Enable "Disable USB Storage"

Check the following keys with regedit.exe and make sure all the keys appear on the client PCs

HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\
ImagePath REG_EXPAND_SZ system32\DRIVERS\USBSTOR.SYS
Start REG_DWORD 3