Discussion in 'Servers and Enterprise Solutions' started by Coldzero, 15 Sep 2009.
Do any of you guys block the use of usb drives on your network? can this be done via a gp?
I do in our place, can be done via GP, I import a .reg file that disables the usb Store so any usb devices inserted are not detected...
If you are running a Domain Controller and have your computers joined to it.
There are options using GPO to allow or deny USB access depending on the user or group.
I work in a school - and we have it set so staff can access usb but students cannot.
siuko does that not stop the use of usb keyboards etc doing it that way?
We block USB sticks, they can be blocked via GPOs as above. However, we block ours via our AV.
Nope - its actually just preventing access to any drives that we dont want them to access.
So everything USB works ok
We use a paid up product that allows monitoring and control of USB devices, but as said it costs
I wish I could find a product that works in Citrix/TS environments properly
Hmm interesting. Is there anyway to disable usb storage devices, but allow mobile devices to connect via activesync?
I would guess if the mobile devices can sync without mapping a drive then yes they should work ok.
It doesnt stop any USB working - it just makes it so when a usb storage device is plugged in you cant see the drive it creates
Lumension, SEP, Vontu?
Lumension doesnt,havent heard of the other 2.
Anything that needs direct access to the USB ports wont work as they are effectively mapped as network drives
The other two are from Symantec - ENdpoint Protection and Vontu (DLP)
You can. We use GPO on all our machines. We basically remove drive letters. We basically allow C: and the network drives, nothing else.
Then we have policies to allow use of the cd drive in laptops for instance
As do we. We use a product called Sanctuary which can stop anything being used. For all I moan about it every time someone needs to read a CD, it's great for keeping control of the PC's.
No-one can add anything without us knowing about it, and when you do allow USB or CD access, it can shadow copy, so we can see exactly what has been put on or copied off the network.
I think most people with a paid up product use this tbh
We want to enable staff to use USB sticks, but only pre-approved hardware encrypted sticks...
Ah fair enough
Separate names with a comma.