Restrict access to removable storage devices
5 July 2007 by Snakefoot | Comment » | Trackback OffMicrosoft Windows Vista enhances the access control to removable storage devices to include:
Credits Sanx.org
- CD and DVD Drives - All optical devices which includes HD-DVD and Blu-Ray drives.
- Floppy Drives - Floppy disk drives, including USB Floppy Disks.
- Removable Disks - Flash memory or hard drive based removable disks connected via USB or Firewire.
- Tape Drives - All classes of linear tape device.
- WPD Devices - Windows Portable Devices. Windows-based smartphones, media players, auxiliary displays and CE devices.
The restrictions can also be controlled through these registry settings:User Configuration \Administrative Templates \System \Removable Storage Access
Computer Configuration \Administrative Templates \System \Removable Storage Access
More Info MS Technet : Group policies in Windows Vista/2008
To make a restriction for a device-type, create a registry-key matching the device type:[HKEY_LOCAL_MACHINE \Software \Policies \Microsoft \Windows \RemovableStorageDevices]
- CD and DVD Drives - {53f56308-b6bf-11d0-94f2-00a0c91efb8b}
- Floppy Drives - {53f56311-b6bf-11d0-94f2-00a0c91efb8b}
- Removable Disks - {53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
- Tape Drives - {53f5630b-b6bf-11d0-94f2-00a0c91efb8b}
- WPD Devices needs two keys:
- {6AC27878-A6FA-4155-BA85-F98F491D4F33}
- {F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}
- Deny_Read - Enabled = 1 / Disabled = 0
- Deny_Write - Enabled = 1 / Disabled = 0
Credits Sanx.org
Tags:
Category:
Updated: 27 September 2007
Comment by Bob Woods - 1 November 2010 @ 14:46 Reply
This post refers to Windows Vista and Windows 2008 environments. Will the GPO also handle Windows XP for restricitng access to removable storage devices?