Preventing Installation of Network Devices?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi, at our company we have a fairly rigourous internet policy combined with
several firewalls, DMZ's, mail sweeping etc etc... However...

Yesterday one of our users had received a new mobile phone, part of the
phones default installation for syncing to a PC also allows the phone to act
as a modem.. Obviously we are happy for the user to sync his contacts,
appointments etc etc, however the modem thing is a big no no.

Does anyone have any suggestions as to how to prevent devices being added to
the network control panel or perhaps another suggestion?
 
Lacey said:
Hi, at our company we have a fairly rigourous internet policy combined with
several firewalls, DMZ's, mail sweeping etc etc... However...

Yesterday one of our users had received a new mobile phone, part of the
phones default installation for syncing to a PC also allows the phone to act
as a modem.. Obviously we are happy for the user to sync his contacts,
appointments etc etc, however the modem thing is a big no no.

Does anyone have any suggestions as to how to prevent devices being added to
the network control panel or perhaps another suggestion?
Click to expand...

If you are interested in an enterprise solution to this problem -
Securewave's Sanctuary Device Control enables you to create policies for
restricting devices connecting to your workstations.
 
If you are interested in an enterprise solution to this problem -
Securewave's Sanctuary Device Control enables you to create policies for
restricting devices connecting to your workstations.
Click to expand...

Hi Gerrard, thanks for the response. I was hoping that there may be a way to
get some limited functionality via GPO/Reg hack or similar. But I will keep
that product in mind :)
 
In
Lacey said:
Hi, at our company we have a fairly rigourous internet policy
combined with several firewalls, DMZ's, mail sweeping etc etc...
However...

Yesterday one of our users had received a new mobile phone, part of
the phones default installation for syncing to a PC also allows the
phone to act as a modem.. Obviously we are happy for the user to sync
his contacts, appointments etc etc, however the modem thing is a big
no no.

Does anyone have any suggestions as to how to prevent devices being
added to the network control panel or perhaps another suggestion?
Click to expand...

How did this user install the software in the first place? If the users have
admin rights, it will be difficult to prevent them from installing anything,
hardware or software.
If the user doesn't have admin rights on the workstation, and instead asked
an IT person to log in and install the software/driver, the IT person should
have been able to do some customization so that the modem thingy didn't get
installed at all - or was disabled once it was installed.
 
Lacey said:
Hi, at our company we have a fairly rigourous internet policy combined with
several firewalls, DMZ's, mail sweeping etc etc... However...

Yesterday one of our users had received a new mobile phone, part of the
phones default installation for syncing to a PC also allows the phone to act
as a modem.. Obviously we are happy for the user to sync his contacts,
appointments etc etc, however the modem thing is a big no no.

Does anyone have any suggestions as to how to prevent devices being added to
the network control panel or perhaps another suggestion?
Click to expand...

Take a look at DeviceLock (www.protect-me.com/dl). It can be managed
via GPO.
 
How did this user install the software in the first place? If the users have
admin rights, it will be difficult to prevent them from installing anything,
hardware or software.
If the user doesn't have admin rights on the workstation, and instead asked
an IT person to log in and install the software/driver, the IT person should
have been able to do some customization so that the modem thingy didn't get
installed at all - or was disabled once it was installed.
Click to expand...

Because for many of our users Administrative access is required for
development / RND etc. If the users weren't IT savvy it wouldn't be a
problem, as you also need to know about changing proxy settings etc.

Also your suggested method would be very labour intensive, we have well over
2,500 desktop users, 400 of which are dedicated I.T staff.
 
In
Lacey said:
Because for many of our users Administrative access is required for
development / RND etc. If the users weren't IT savvy it wouldn't be a
problem, as you also need to know about changing proxy settings etc.

Also your suggested method would be very labour intensive, we have
well over 2,500 desktop users, 400 of which are dedicated I.T staff.
Click to expand...

I guess that's why most companies have a separate LAN for their development
machines....with different IT support.
 
Back
Top