Disabling USB pen drives

[EDuardo]

Hello,

I want to prohibit to all users, except Administrators,
the installation of any USB pen drive, can anybody tell
me how to do it with policys?

 

[Steven L Umbach]

There is built in way to do such with Group Policy. You might want to try
one of the various third party programs that can control such or see the KB
link on using a registry mod to limit USB storage. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
http://www.protect-me.com/dl/ -- DeviceLock
http://www.reflex-magnetics.com/products/disknetpro/ -- Reflex Disknet Pro

 

[Steve Riley [MSFT]]

Thing is, that reg key affects only drives that use USBSTOR.SYS. Not all
drives do.

What risk are you trying to mitigate by doing this? I assume you're
concerned about people copying information onto the drives and then taking
it with them. What about these other ways of exporting information:

* USB drives that install their own drivers
* digital cameras and MP3 players
* 1394 firewire drives
* CD and DVD recorders
* parallel port hard drives
* floppy disks
* infrared port or network transfer to other computers
* print outs
* digital photographs and screen captures
* telephone dictation

If someone wants to make off with data from your computers or network and
they've got access, generally they will be able to accomplish their goals. A
product like Rights Management Services can be very helpful here, but even
RMS won't stop what we call "analog attacks," like for instance placing the
monitor face on a photocopier and pressing the print button.

Steve Riley
(e-mail address removed)