1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stopping the use of USB drives

Discussion in 'Servers and Enterprise Solutions' started by Coldzero, 15 Sep 2009.

  1. Coldzero

    Hitman

    Joined: 3 Aug 2009

    Posts: 519

    Do any of you guys block the use of usb drives on your network? can this be done via a gp?
     
  2. UKDTweak

    Soldato

    Joined: 2 Dec 2002

    Posts: 6,592

    Location: N.Ireland

    I do in our place, can be done via GP, I import a .reg file that disables the usb Store so any usb devices inserted are not detected...

     
    Last edited: 15 Sep 2009
  3. Coldzero

    Hitman

    Joined: 3 Aug 2009

    Posts: 519

    Thanks alot. :)
     
  4. siuko

    Gangster

    Joined: 10 May 2004

    Posts: 189

    Location: Derby, UK

    If you are running a Domain Controller and have your computers joined to it.

    There are options using GPO to allow or deny USB access depending on the user or group.

    I work in a school - and we have it set so staff can access usb but students cannot. :D
     
  5. Coldzero

    Hitman

    Joined: 3 Aug 2009

    Posts: 519

    siuko does that not stop the use of usb keyboards etc doing it that way?
     
  6. RSR

    Sgarrista

    Joined: 17 Aug 2006

    Posts: 8,818

    We block USB sticks, they can be blocked via GPOs as above. However, we block ours via our AV.

    Andy
     
  7. siuko

    Gangster

    Joined: 10 May 2004

    Posts: 189

    Location: Derby, UK

    Nope - its actually just preventing access to any drives that we dont want them to access.

    So everything USB works ok :D
     
  8. Ev0

    Capodecina

    Joined: 18 Oct 2002

    Posts: 13,886

    We use a paid up product that allows monitoring and control of USB devices, but as said it costs :)
     
  9. iaind

    Capodecina

    Joined: 26 Feb 2009

    Posts: 14,814

    Location: Exeter

    I wish I could find a product that works in Citrix/TS environments properly :(
     
  10. platypus

    Caporegime

    Joined: 25 Jul 2003

    Posts: 39,095

    Location: Rhône-Alpes+Cambridge

    Hmm interesting. Is there anyway to disable usb storage devices, but allow mobile devices to connect via activesync?
     
  11. siuko

    Gangster

    Joined: 10 May 2004

    Posts: 189

    Location: Derby, UK

    I would guess if the mobile devices can sync without mapping a drive then yes they should work ok.

    It doesnt stop any USB working - it just makes it so when a usb storage device is plugged in you cant see the drive it creates :D
     
  12. platypus

    Caporegime

    Joined: 25 Jul 2003

    Posts: 39,095

    Location: Rhône-Alpes+Cambridge

    Oh, nice.
     
  13. Basher

    Sgarrista

    Joined: 18 Oct 2002

    Posts: 8,389

    Lumension, SEP, Vontu?
     
  14. iaind

    Capodecina

    Joined: 26 Feb 2009

    Posts: 14,814

    Location: Exeter

    Lumension doesnt,havent heard of the other 2.

    Anything that needs direct access to the USB ports wont work as they are effectively mapped as network drives
     
  15. Basher

    Sgarrista

    Joined: 18 Oct 2002

    Posts: 8,389

    The other two are from Symantec - ENdpoint Protection and Vontu (DLP)
     
  16. Nikumba

    Mobster

    Joined: 4 Dec 2002

    Posts: 3,734

    Location: Bourne, Lincs

    You can. We use GPO on all our machines. We basically remove drive letters. We basically allow C: and the network drives, nothing else.

    Then we have policies to allow use of the cd drive in laptops for instance

    Kimbie
     
  17. tonym

    Hitman

    Joined: 6 Apr 2003

    Posts: 676

    Location: Halfway

    As do we. We use a product called Sanctuary which can stop anything being used. For all I moan about it every time someone needs to read a CD, it's great for keeping control of the PC's.
    No-one can add anything without us knowing about it, and when you do allow USB or CD access, it can shadow copy, so we can see exactly what has been put on or copied off the network.
     
  18. Ev0

    Capodecina

    Joined: 18 Oct 2002

    Posts: 13,886

    I think most people with a paid up product use this tbh :)
     
  19. iaind

    Capodecina

    Joined: 26 Feb 2009

    Posts: 14,814

    Location: Exeter

    We want to enable staff to use USB sticks, but only pre-approved hardware encrypted sticks...
     
  20. Nikumba

    Mobster

    Joined: 4 Dec 2002

    Posts: 3,734

    Location: Bourne, Lincs

    Ah fair enough

    Kimbie