RE: Disabling USB mass storage

 In addition to all the other solutions presented, I recently came
across a newer product I have not seen mentioned before while following
numerous discussions in this vein, GFI LANguard Portable Storage Control
(P.S.C.). It can be managed with AD groups therefore GPO's and
delegation definitely seem possible. "GFI LANguard P.S.C. allows you to
define which users can use removable media centrally from Active
Directory - simply by making them a member of three pre-defined groups".
It also controls floppies and CD's and the price seems darned reasonable
as is usually the case with GFI's offerings. Just thought I throw that
out as another consideration.

http://www.gfi.com/lanpsc/

-----Original Message-----
From: Steven Hay [mailto:shay@communitysavings.ca] 
Sent: Friday, March 04, 2005 7:35 AM
To: 'focus-ms@securityfocus.com'
Subject: RE: Disabling USB mass storage

Removable drives, yes.

If we can do it by GPO then we're hoping we can decide what
systems/users
can be allowed to use removable storage devices (like camera's, USB
drives,
etc).  Ideally we'd like to have it so a few manager's systems are
allowed,
as well as IT staff.

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa@pacbell.net] 
Sent: March 3, 2005 10:14 PM
To: Steven Hay
Cc: 'focus-ms@securityfocus.com'
Subject: Re: Disabling USB mass storage


HOW TO: Disable the Use of USB Storage Devices in Windows XP:
http://support.microsoft.com/default.aspx?scid=kb;en-us;823732

Disable completely?

Steven Hay wrote:

> Good topic question, one we're having issues with as well, but with XP 
> SP1.
>
> We want to disable any removable drives from working on our 400+ 
> workstations without having to visit each one.
>
> I tried denying access to usbstor.sys in the GPO, and confirmed that 
> the policy was applied to our test system.  But it seems like the 
> system privliges override the GPO rights (I'm guessing) as the 
> removable drive letter pops up and is usable when a USB drive is 
> connected.
>
> Anyone have any experience with locking these down using GPO?
>
> Steve
>
> -----Original Message-----
> From: Moser, Scott [mailto:scott.moser@smead.com]
> Sent: March 3, 2005 12:40 PM
> To: Martin a Marika TYDOROVCI; focus-ms@securityfocus.com
> Subject: RE: Disabling USB mass storage
>
>
> Create new key 
> HKLM\System\CurrentControlSet\Control\StorageDevicePolicies
> and then create REG_DWORD called WriteProtect and set to 1.  This will
> prevent write only (not read) in XP SP2 only.
>
> -----Original Message-----
> From: Martin a Marika TYDOROVCI [mailto:tydy@szm.sk]
> Sent: Wednesday, March 02, 2005 2:10 PM
> To: focus-ms@securityfocus.com
> Subject: Disabling USB mass storage
>
> Hi list,
>
> Does anyone knows a way to disable USB mass storage device in Win XP? I

> need to disable using devices such as USB flash drive, card readers, 
> etc.
>
> Regards
>
> -----------------------------------------------------------------------
> -
> ---
> -----------------------------------------------------------------------
-
> ---
>
>
>
> -----------------------------------------------------------------------
> ----
> -----------------------------------------------------------------------
----
> Please note that Internet email is not always private, secure or
reliable.
> The sender accepts no liability for any damages caused by any virus
> inadvertently transmitted with this email.  Any opinion expressed in
this
> email is solely that of the author, unless clearly indicated otherwise.
> This email, and any attachments, may contain confidential and/or
proprietary
> information that is intended only for use by the addressee.  If you are
not
> the intended recipient, any use, dissemination, forwarding, printing,
or
> copying of this email is strictly prohibited.  If you received this
email
in
> error, please delete the email and advise the sender of the delivery
error.
> -----------------------------------------------------------------------
> ----
> -----------------------------------------------------------------------
----
>  

-- 
Chapter 4 of The Complete Patch Management Book: 
https://www.ecora.com/ecora/jump/pm149.asp

So why is it the only book on NT Event Logging is out of print?
http://tinyurl.com/3kwc2

And if you don't know about www.eventid.net You should!
Please note that Internet email is not always private, secure or
reliable.
The sender accepts no liability for any damages caused by any virus
inadvertently transmitted with this email.  Any opinion expressed in
this
email is solely that of the author, unless clearly indicated otherwise.
This email, and any attachments, may contain confidential and/or
proprietary
information that is intended only for use by the addressee.  If you are
not
the intended recipient, any use, dissemination, forwarding, printing, or
copying of this email is strictly prohibited.  If you received this
email in
error, please delete the email and advise the sender of the delivery
error.

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---



---------------------------------------------------------------------------
---------------------------------------------------------------------------