Archived from groups: microsoft.public.windowsxp.hardware (
More info?)
Troubled with USB installations?
Although XP supports USB devices natively, USB is still problematic
for administrators. The response below from Nathan is clear but
missing important detail. When he says "install software" he groups
at least three things that can happen on the computer. (3) The last
thing you might do is install a software, like a picture viewer for a
USB camera, but that's not really the issue here (2) More to the
point, you need to install a driver if the computer can't find a
"hardware-rank matched" driver(1) And for some even greater
explanation of what is going on... you are asking the computer to
associate your device serial number with the USB port
In Windows XP a user needs ADMINISTRATIVE membership to (1) associate
the device to a USB port, (2) to install drivers, (3) and to install
software.
Why are some drivers "hardware rank matched"? It depends if the
vendor follows Microsoft's rules for hardware and driver development.
The vendor has to join the club so to speak:
http://www.microsoft.com/whdc/device/mf/mfdesign.mspx
KB-2194335 discusses a "properly-signd OEM driver package". This
article explains why standard users have problems with USB devices in
Windows 2000.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;219435
Many users are happy using devices at home that are not signed by
Microsoft. When users plug those devices into school computers with
NON ADMINISTRATIVE ACCESS, they have a harder time accessing their
device than users of devices with signed drivers. But wait... even if
they have a signed device, ADMINISTATIVE ACCESS is required for the
very first installation of the device.
School administrators want to enable students to use USB devices as
easily as floppy disks. Corporate and government administrators often
want to block unapproved USB devices.
The policies that Nathan refered to are limited. "Local Security
Policy" for "unsigned driver installation behavior" only applies to
administrators. The choices are silently suceed, warn, or do not
allow. Standard users will not benefit from these settings.
Administrative membership is required. EVEN WITH THE ADDITION OF XP
SERVICE PACK 2 the policy hasn't changed very much. Here's a
description:
- - - - -
Determines how the system responds when a user tries to install device
driver files that are not digitally signed. This setting establishes
the least secure response permitted on the systems of users in the
group. Users can use System in Control Panel to select a more secure
setting, but when this setting is enabled, the system does not
implement any setting less secure than the one the setting
established. When you enable this setting, use the drop-down box to
specify the desired response. -- Ignore directs the system to
proceed with the installation even if it includes unsigned files. --
Warn notifies the user that files are not digitally signed and lets
the user decide whether to stop or to proceed with the installation
and whether to permit unsigned files to be installed. Warn is the
default. -- Block directs the system to refuse to install unsigned
files. As a result, the installation stops, and none of the files in
the driver package are installed. To change driver file security
without specifying a setting, use System in Control Panel. Right-click
My Computer, click Properties, click the Hardware tab, and then click
the Driver Signing button.
- - - - -
I haven't mentioned "domain policy", but I think the question was
about "local security policy". I think the two are the same in this
case.
There is one alternative. Give students membership to the
Administrators but lock-down the local policies in all other areas.
This would be rather frustrating to implement. The result would not
be the same as a standard user with boosted USB access.
Microsoft is trying to make machines more secure, while the New York
Times and CNet tell us that USB flash devices are a fasion statement
and required in some classes.
http://news.com.com/From+storage,+a+new+fashion/2100-1041_3-5378415.html
School administrators need to allow standard users to install USB
devices.
-Happy Happy Joy Joy
Nathan McNulty <nospam@msn.com> wrote in message news:<e77bEQaoEHA.2300@TK2MSFTNGP10.phx.gbl>...
> I can't really answer that directly, but you should be able to add just
> about any USB device that XP supports natively without having to install
> any extra software. Now if you have to install Software for it, that
> may be where you are being blocked. It also depends on what kind of
> policy the administrator has set up.
>
> Basically, all USB devices use a Vendor ID for the device (this is how
> XP recognizeses the devices at the driver level). It may be possible
> that some VID's are blocked, but since I have never used a user account
> (not an admin account), I have never tried.
>
> ----
> Nathan McNulty
>
>
> Darran wrote:
> > Does anyone know what USB devices can be installed on a XP build without any
> > admin rights? Things like mice, keyboards etc seem to go on ok for all people
> > but it seems to get more confusing when we start talking about modems and
> > memory sticks. Is there a definative list of devices or is it too random
> > becuase of the many different types of devices on the market? At what point
> > does the machine decide if rights are or are not needed?
> >
> > No prize for a nice conclusive answer unfortunately but it would as always
> > be extremely grateful!
> >
> > D
Facebook
Twitter
Instagram