Site icon WinCert

Disable removable drives using GPO

<p><a href&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2015&sol;01&sol;windows-server&period;jpg" rel&equals;"attachment wp-att-550"><img class&equals;"alignnone size-full wp-image-550" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2015&sol;01&sol;windows-server&period;jpg" alt&equals;"Windows Server&comma;printer&comma;hp&comma;hp deskjet&comma;kms&comma;backup&comma;notification area&comma;update&comma;wsus&comma;illegaltag&comma;printer port&comma;scheduled task&comma;root hints&comma;installation file missing&comma;spoolsv&period;exe&comma;installer error&comma;iis6&comma;home server&comma;print drivers&comma; print spooler&comma;windows update&comma;metro apps&comma;auto-login&comma;standalone installer&comma;iis6&comma;ie11 compatibility view" width&equals;"720" height&equals;"340" &sol;><&sol;a><&sol;p>&NewLine;<p>Here&&num;8217&semi;s how you can easily disable use of external or removable drives using Group Policy in your Active Directory environment&period;<&sol;p>&NewLine;<p>First we need to create a new policy and link it to the Organizational unit&period;<&sol;p>&NewLine;<p>Now edit the newly created policy and navigate to&colon;<&sol;p>&NewLine;<p><strong>Computer Configuration &vert; Administrative Templates &vert; System &vert; Removable Storage Access<&sol;strong><&sol;p>&NewLine;<p>In the right pane open the &&num;8220&semi;<strong>All Removable Storage classes&colon; Deny all access<&sol;strong>&&num;8221&semi; setting&period;<&excl;--more--><&sol;p>&NewLine;<p><a href&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2016&sol;01&sol;removable-storage-policy&period;png" rel&equals;"attachment wp-att-1620"><img class&equals;"alignnone wp-image-1620 size-full" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2016&sol;01&sol;removable-storage-policy&period;png" alt&equals;"removable drives" width&equals;"681" height&equals;"431" &sol;><&sol;a><&sol;p>&NewLine;<p>Set the policy to &&num;8220&semi;<strong>Enabled<&sol;strong>&&num;8221&semi;<&sol;p>&NewLine;<p>Since this is a Computer configuration policy it should be applied to a computer containter&period;<&sol;p>&NewLine;<p>On the other hand if you would like to apply this policy to a user containter you will have to enable <strong>Group Policy Loopback processing mode<&sol;strong> policy setting to be able to apply this policy on a user container&period;<&sol;p>&NewLine;<p>In this case policy will be applied to all computers&sol;users in that container&period;<&sol;p>&NewLine;<p>To filter out users or computers that should not receive this policy&comma; go to <strong>Delegation tab&sol;Advanced<&sol;strong> setting and select desired Active Directory Security group and select Deny checkbox under &&num;8220&semi;<strong>Apply group policy<&sol;strong>&&num;8221&semi; setting&period;<&sol;p>&NewLine;<p>All users&sol;computers that are members of this Active Directory Security group will not get this policy applied&period;<&sol;p>&NewLine;<p>You can also think about using a third-party solution like the Device lock which is great since you can filter usage of USB removable drives on a Hardware ID base&period; It also integrates with Active Directory&period;<&sol;p>&NewLine;<p>You can also monitor files that are being copied from and to USB removable drives&period;<br &sol;>&NewLine;<a href&equals;"http&colon;&sol;&sol;www&period;devicelock&period;com&sol;" target&equals;"&lowbar;blank">http&colon;&sol;&sol;www&period;devicelock&period;com&sol;<&sol;a><&sol;p>&NewLine;<p>Comments are welcome&excl;<&sol;p>&NewLine;

Exit mobile version