'Keychain' drive policy - revisited

  • Thread starter Thread starter Michael Plotner
  • Start date Start date
M

Michael Plotner

A little while ago I asked if it was possible to create
a policy to disable access to removable storage such as
USB 'keychain' drives. It was suggested that I not give
users adminstrative rights on their workstations and thus
they could not install removable drives.

All domain users at my company are given only user
rights to their workstations, yet they can still plug in a
USB keychain drive without any problems. Windows 2000
installs the drive and allows full access. Even using
Computer Management to disable access to Removable Storage
does not prevent a user (with only User rights) from
installing a drive.

What is going wrong here? Is there anything I can do to
prevent those with only User rights from installing
removable drives?
 
I haven't looked into this all that closely, but the best I could come up
with was to sabotage the driver by deleting the relevent INF file so that
the device wouldn't be recognised.

Of course, if the driver's already been installed because a key-chain device
has already been installed then you're in trouble.

Oli
 
Back
Top