How to control USB ports and CD/DVD drive?

Status
Not open for further replies.
M

morland

Posts: 48   +0
Hi,

In a LAN environment (Windows 2003 as the server O/S and Windows XP and the O/S on client machines) how can we control/limit the use of USB ports and CD/DVD drives? Do we need to use some software for this or are their built-in features etc. (like the concept of Administrator, and Group policies, etc.) that can be used to achieve this?

The one problem that I can think of is that if USB ports are locked/blocked then how will users be able to use their mouse and keyboards? The reason to control/limit use of USB ports is so that someone might not plug-in a USB stick and either introduce virus into the LAN or copy important and sensitive files. I know that they can easily email the files to someone but the idea is to minimize the risks even though they cannot be totally controlled. We also want to control the use CD drives so that users can not i) Burn data on CD's and ii) install software on their own

Will appreciate some good and simple solution (if one exists).

Thanks
P.S
I hope I am NOT posting this in the wrong forum
 
You can set "policies" on the client machines running XP Professional. One such policy disables non-Admin users from using removable USB media by . (If they plug it in, XP won't mount it) Would that meet your need?

/* edit */
There are also policies for setting software restrictions on users (among other things). Here's some links/info about setting software policy
> Description of the Software Restriction Policies in Windows XP
> Using Software Restriction Policies to Protect Against Unauthorized Software
 
Thanks LookinAround. It looks like this will solve some of the problems. I will have to try them in the actual LAN environment and see how it works. At a glance it seems that this will only help control use of software ( i maybe wrong thought). But what about my core requirements i.e. controlling USB devices and CD drives?

Will appreciate any clues/tips/thoughts.

Thanks
 
1) fyi.. Policies can be set
> at the individual workstation level or
> as a "group" policy to be applied to all the machines in a network.
I've only set policies at the workstation level (i.e. for my own home machines) so someone else can hopefully explain the method to administer policies so they're applied to a group of machines (which would be easier for your situation)
> Also, here's a link that might also be helpful in that regard

2) Here's some additional info about setting policy to disable USB removable media. See here

Someone else might also be aware and better able to provide more info about XP policies to control CD/DVD access and usage (i've never used them). You might also find some info by Googling something like XP group policy CD
 
Next image of systems the one you use for a test model can be setup to have all of these devices disabled so end user don't have access to them. So GP could be set and tested under UAT prior to your next image deployment or with a small system patch you could send over the domain and have users just leave their system on using SMS push or Active Directory Push to their accounts. The user would just reboot or you could have it done in a WHS.
 
Status
Not open for further replies.

Similar threads

Shawn Knight
Lenovo unveils USB-C Dual Display Travel Dock with 100W USB power delivery
Replies
7
Views
430
veLa
veLa
D
Microsoft Edge could soon let you control how much RAM it uses
Replies
10
Views
228
lripplinger
lripplinger
Shawn Knight
Belkin launches 11-in-1 USB-C dock for laptops with limited port selection
Replies
1
Views
255
waclark
W

Latest posts

Back