Archived from groups: microsoft.public.win2000.security (
More info?)
Hi Steven.
Thanks for the info. I found another way to do it and testing it. If
successful will update u.
Regards
Joby
"Steven L Umbach" wrote:
> There is no effective solution using the native operating system. You might
> look at using computer cases that block access to the usb ports while still
> allowing the needed usb devices to be attached. There are also adapters that
> allow usb keyboards and mice to work with ps2 ports so that you can then
> disable usb ports in cmos or make sure that user does not otherwise have
> access to the usb ports. Ultimately you need to trust your users to some
> degree and have a user policy that is strictly enforced. A determined user
> that wants the data will more than likely get it one way or another such as
> emailing it to himself, using printscreen, digital camera,
> stealing/borrowing hard drive, etc. There is a registry entry for XP SP2
> that is supposed to prevent writing to usb drives/devices from the operating
> system as shown below. Others claim to have created .adm files with registry
> entries to disable usb storage based on suggestions in the KB link below.
> When I tried them they did not work in a consistent manner which would be
> unacceptable to me. Also beware that there are free third party bootable
> operating systems on cdrom such as Knoppix and Bart's PE that could allow a
> user to bypass any restriction of the authorized installed operating system.
> You should prevent users from booting from any device other than the system
> hard drive. --- Steve
>
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
>
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2otech.mspx
> -- source of info below.
> This feature provides the ability to set a registry key that will prevent
> write operations to USB block storage devices, such as memory sticks. When
> this registry key is enabled, the devices function only as read-only
> devices. You can implement this setting as part of a security strategy to
> prevent users from transporting data using these devices.
>
> Who does this feature apply to?
> . Users who do not want data to be written from their computer to a
> USB storage device.
>
> . IT professionals who want to implement organization controls over
> the use of USB block storage devices
>
>
> What settings are added or changed in Windows XP Service Pack 2
> Setting name Location
> Default value Possible values
> WriteProtect
> HKEY_LOCAL_MACHINE\System\
> CurrentControlSet\Control \StorageDevicePolicies
> DWORD=0
> 0 - Disabled
>
> 1 - Enabled
>
>
>
>
> "Joby Emmanuel" <Joby Emmanuel@discussions.microsoft.com> wrote in message
> news:0175ED2E-8026-44A8-AD33-DA121BB36B61@microsoft.com...
> > Hi,
> >
> > I want to disable the usb storage devices and the same time usb keyboard
> > and
> > mouse should work. This will help to solve the security problem of data
> > transfer to and from usb storage devices. I don't want to use any
> > thirdparty
> > softwares. If anybody knows how to do it in windows 2000 please share it.
> >
> > Thanks & regards
> > Joby
>
>
>