Prevent BlueTooth USB access

  • Thread starter Thread starter PeteL
  • Start date Start date
P

PeteL

Is it possible to block users from connecting USB devices using GPO. I've
created a GPO to hide drives for usb storage (DOS prompt blocked so not too
worried about that aspect) but I just wondered if you can block BlueTooth or
any other USB devices.

TIA.

Pete.
 
PeteL said:
Is it possible to block users from connecting USB devices using GPO. I've
created a GPO to hide drives for usb storage (DOS prompt blocked so not
too
worried about that aspect) but I just wondered if you can block BlueTooth
or
any other USB devices.

TIA.

Pete.
Click to expand...

You can use this ADM template to disable USB devices, it works by disabling
the usbstor.sys driver. I'm not sure about Bluetooth though, if you know
what driver bluetooth relies on I could probably edit the adm to include
that as well.

CLASS MACHINE

CATEGORY !!category

CATEGORY !!categoryname

POLICY !!policynameusb

KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"

EXPLAIN !!explaintextusb

PART !!labeltextusb DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

POLICY !!policynamecd

KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"

EXPLAIN !!explaintextcd

PART !!labeltextcd DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 1 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

POLICY !!policynameflpy

KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"

EXPLAIN !!explaintextflpy

PART !!labeltextflpy DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

POLICY !!policynamels120

KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"

EXPLAIN !!explaintextls120

PART !!labeltextls120 DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

END CATEGORY

END CATEGORY

[strings]
category="Custom Policy Settings
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
policynamels120="Disable High Capacity Floppy"
explaintextusb="Disables the computers USB ports by disabling the
usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the
cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the
flpydisk.sys driver"
explaintextls120="Disables the computers High Capacity Floppy Drive by
disabling the sfloppy.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
labeltextls120="Disable High Capacity Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"
 
Simon

Sorry about the delay in responding. I'll give this a go.

Thanks.

Pete.
Simon Geary said:
PeteL said:
Is it possible to block users from connecting USB devices using GPO. I've
created a GPO to hide drives for usb storage (DOS prompt blocked so not
too
worried about that aspect) but I just wondered if you can block BlueTooth
or
any other USB devices.

TIA.

Pete.
Click to expand...

You can use this ADM template to disable USB devices, it works by disabling
the usbstor.sys driver. I'm not sure about Bluetooth though, if you know
what driver bluetooth relies on I could probably edit the adm to include
that as well.

CLASS MACHINE

CATEGORY !!category

CATEGORY !!categoryname

POLICY !!policynameusb

KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"

EXPLAIN !!explaintextusb

PART !!labeltextusb DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

POLICY !!policynamecd

KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"

EXPLAIN !!explaintextcd

PART !!labeltextcd DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 1 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

POLICY !!policynameflpy

KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"

EXPLAIN !!explaintextflpy

PART !!labeltextflpy DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

POLICY !!policynamels120

KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"

EXPLAIN !!explaintextls120

PART !!labeltextls120 DROPDOWNLIST REQUIRED

VALUENAME "Start"

ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST

END PART

END POLICY

END CATEGORY

END CATEGORY

[strings]
category="Custom Policy Settings
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
policynamels120="Disable High Capacity Floppy"
explaintextusb="Disables the computers USB ports by disabling the
usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the
cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the
flpydisk.sys driver"
explaintextls120="Disables the computers High Capacity Floppy Drive by
disabling the sfloppy.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
labeltextls120="Disable High Capacity Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"
Click to expand...
 
Back
Top