W2k Workstation: Removable media

Anonymous
March 7, 2005 4:37:06 PM

Archived from groups: microsoft.public.win2000.security

Trivia question for the minute:
Any idea how I can, elegantly, lock down access to the USB ports and CD
drives on a W2k workstation? Preferably such that Administrator can still
get to the media.

"Removable Media" under Storage in Computer Management gets me nowhere.
Explicitly denied a particular account access under everything I could find.
Once the account was logged in, there was no problem exploring the CD drive
and a USB flash drive.

Tried the CD-DVD Lock software from SoftHeap(?). Did *bad* things to the
PC. Tripled startup time and made it impossible to shut down without hitting
the Reset / Power button.

- thanks much,
Matt Rollinson
March 7, 2005 11:44:37 PM

In news:21AD9E0E-7D4E-461C-983B-01E321A397DE@microsoft.com,
Matt Rollinson <Matt Rollinson@discussions.microsoft.com> had this to say:

> Trivia question for the minute:
> Any idea how I can, elegantly, lock down access to the USB ports and CD
> drives on a W2k workstation? Preferably such that Administrator
> can still get to the media.

Your question got me to thinking and I started digging through my bookmarks
to see what I'd find because I knew that I'd read something about this in
the past. Unfortunately Group Policy in 2k doesn't allow you to disable USB.
It doesn't in 2k either and I suspect that it probably doesn't in 2k3 but
I've not looked into that. Anyhow, to get to the point here, there's no way
to do this native to the OS as far as I know. SecureNT does this though.
I've been unable to rapidly find a freeware alternative for this and figured
you'd rather a speedy response than one that took a couple of days of
searching.

The information is here:

http://labmice.techtarget.com/articles/usbflashdrives.h...

The link on the page to SecureNT is no longer valid from the looks of things
but they've a chance for you to go to the downloads section where you can
request evaluation software.

Galen
--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes
Anonymous
March 8, 2005 12:28:03 AM

There are other third party programs you might try, such as Device Lock or
Reflex Disknet Pro. Otherwise, consider using computer cases that lock access
to the drives and USB ports through a locked door to the front of the
computer case, or disable these devices in CMOS and password protect the CMOS
settings so that only admins know the password, though a user may be able to
bypass that if they can gain access to the inside of the case to reset the
CMOS jumper pin, or bypass the CMOS password, as some motherboards have default
CMOS passwords. There are no Group Policy settings to control such
effectively. --- Steve

http://devicelock.securitybyte.com/
http://www.reflex-magnetics.com/products/disknetpro/

"Matt Rollinson" <Matt Rollinson@discussions.microsoft.com> wrote in message
news:21AD9E0E-7D4E-461C-983B-01E321A397DE@microsoft.com...
> Trivia question for the minute:
> Any idea how I can, elegantly, lock down access to the USB ports and CD
> drives on a W2k workstation? Preferably such that Administrator can still
> get to the media.
>
> "Removable Media" under Storage in Computer Management gets me nowhere.
> Explicitly denied a particular account access under everything I could find.
> Once the account was logged in, there was no problem exploring the CD drive
> and a USB flash drive.
>
> Tried the CD-DVD Lock software from SoftHeap(?). Did *bad* things to the
> PC. Tripled startup time and made it impossible to shut down without hitting
> the Reset / Power button.
>
> - thanks much,
> Matt Rollinson