I do in our place, can be done via GP, I import a .reg file that disables the usb Store so any usb devices inserted are not detected...

 

If you are running a Domain Controller and have your computers joined to it.

There are options using GPO to allow or deny USB access depending on the user or group.

I work in a school - and we have it set so staff can access usb but students cannot.

 

We block USB sticks, they can be blocked via GPOs as above. However, we block ours via our AV.

Andy

 

Nope - its actually just preventing access to any drives that we dont want them to access.

So everything USB works ok

 

We use a paid up product that allows monitoring and control of USB devices, but as said it costs

 

I wish I could find a product that works in Citrix/TS environments properly

 

Hmm interesting. Is there anyway to disable usb storage devices, but allow mobile devices to connect via activesync?

 

I would guess if the mobile devices can sync without mapping a drive then yes they should work ok.

It doesnt stop any USB working - it just makes it so when a usb storage device is plugged in you cant see the drive it creates

 

Oh, nice.

 

Lumension, SEP, Vontu?

 

Lumension doesnt,havent heard of the other 2.

Anything that needs direct access to the USB ports wont work as they are effectively mapped as network drives

 

The other two are from Symantec - ENdpoint Protection and Vontu (DLP)

 

You can. We use GPO on all our machines. We basically remove drive letters. We basically allow C: and the network drives, nothing else.

Then we have policies to allow use of the cd drive in laptops for instance

Kimbie

 

As do we. We use a product called Sanctuary which can stop anything being used. For all I moan about it every time someone needs to read a CD, it's great for keeping control of the PC's.
No-one can add anything without us knowing about it, and when you do allow USB or CD access, it can shadow copy, so we can see exactly what has been put on or copied off the network.

 

I think most people with a paid up product use this tbh

 

We want to enable staff to use USB sticks, but only pre-approved hardware encrypted sticks...

 

Ah fair enough

Kimbie