SlideShare ist ein Scribd-Unternehmen logo

usbblocking in desktop laptop

Als DOCX, PDF herunterladen
S
sakthivel25

The document provides instructions for adding a .ADM file to Group Policy Objects (GPOs) to disable USB removable drives on Windows computers. It describes downloading the .ADM file, adding it to a GPO, and configuring the policy settings to stop the usbstor.sys driver and deny permissions to the USBSTOR service. The steps also include modifying the security permissions of the USBSTOR files and running gpupdate to push the GPO changes to computers.

BildungTechnologie
1 von 16
Download the USB_removable_drives_ADM file (2kb) After downloading the .ADM file, read Adding New Administrative Templates to a GPO. You might also be interested in reading Disable Writing to USB Disks with GPO. Note: In order to successfully view and configure the new .ADM file settings you will need to change the default filtering view for the GPO Editor (or GPedit.msc). Unless you change these settings, the right pane will appear empty, even though it has the settings in it. Follow these steps: 1. In GPEdit.msc (or any other GPO Editor window you're using) click on View > Filtering. 1. Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok.
1. Now you will be able to see the new settings in the right pane:
1. You can now configure any of the above settings:
An additional step that needs to be performed before the above tip will work has to do with modifying the file access permissions for 2 files. You need to remove the SYSTEM access permissions from the usbstor.sys and usbstor.inf files. You can do so by right clicking these files > Properties, then going to the Security tab. There you need to remove the line for the SYSTEM account.
Note: Under some circumstances, the SYSTEM should have write access to these files during Service Pack installation. For example, when the SP is installed via GPO or SMS, the installation runs under the SYSTEM Account. Service Pack needs to replace the files to a new version and without proper write access to the file, installation will fail... Therefore, before each SP deployment we need to allow access to the SYSTEM account for these files. Adding .ADM files to the Administrative Templates in a GPO In order to add additional .ADM files to the existing Administrative Templates section in GPO please follow the next steps:
1. Open the Group Policy Management Console (or GPMC) from the Administrative Tools folder in the Stat menu, or by typing gpmc.msc in the Run command. Note: GPMC is not a built-in part of Windows 2000/XP/2003, and needs to be separately installed. You can download GPMC from the following link (Download GPMC), yet remember it can only be used effectively on Windows Server 2003-based Active Directory. If you do not have GPMC or cannot install it then you'll need to edit the GPO via the regular means, i.e. from Active Directory Users and Computers management tool (dsa.msc). 2. Right-click an existing GPO (or create an new GPO, then right-click on it) and select Edit.
3. Expand either the Computer settings or Users settings sections of the GPO. Go to the appropriate Administrative Templates section and rightclick it. Select Add/Remove Templates.
4. In the Add/Remove Templates window click Add.
5. Browse to the location of the required .ADM file and click Open.
6. In the Add/Remove Templates window notice that the new .ADM file is listed, then clickClose. Now re-open the Administrative Templates section and browse to the new settings location. Disabling GPO settings filtering Many custom Administrative Templates require you to remove the requirement to show policy settings that can be fully managed in the GPO editor. To do so follow the next steps: 1. After completing the above procedure, browse to the newly added Administrative Template section.
Note that the section is indeed listed, however in the right-pane is empty. 2. Right-click an empty spot in the right pane and select View > Filtering. 3. In the Filtering window click to un-mark the "Only show policy settings that can be fully managed" option. Then click Ok. 4. Notice how the available options are now displayed in the right pane. You can now configure these options as you please. However, if the .ADM files were added, for example, when sitting on DC1, how do you make sure they are also replicated to DC2, DC3 and so on? Please let me know if I can solve this any other way or if im doing something wrong. Creating a GPO in Windows 2003 to block USB drives in Windows XP computer This GPO is going to block the usage of USB removable disks, while allowing mouse and keyboards to work. Creating and enabling .ADM file copy and paste the script in note pad written under the instructions and save them with .ADM format. Log into RADDC02 go to Start>>Administrative Tools>>Group Policy Management
on the left pane select Computer Configuration>>Administrative Templates. Right Click Administrative Templates and select Add/ Remove Templates. Click on ADD go to the folder where you saved the .ADM file and add it to the Add/Remove Templates In GPEdit.msc (or any other GPO Editor window you're using) click on View > Filtering. Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok Click on Computer Configuration>>Administrative templates>>Custom Policy Settings>>Restrict Drives>>Disable USB Removable Drivers Select Enabled from the drop down menu for usbstore.sys driver status select Stopped Creating a new registry entry in the local computer through GPO go to Computer Configuration>>Windows Settings>>Registry. Right Click select Add Key select MACHINE>>SYSTEM/CurrentControlSet>>Services>>USBSTOR>Security then click OK under object name double click on MachineSYSTEMCurrentControlSetServicesUSBSTORSecurity click on Edit Security Click on the desired Group or User names select and Deny permissions for users Note: Alternatively you could just add the name of the user or group you want to prevent from using USB #storage devices. . Click YES to the security warning. Note: Remember that deny permission take precedence so inherited permission will not have any affect and that we are applying the permission directly to a #file so we don’t need to worry about inheritance from this object. Modifying USBSTOR files . Go to Computer Configuration>>Administrative Templates>>File System. Right click and Add File and go to the following paths “C:WindowsInfUsbstor.pnf and “C:WindowsInfUsbstor.inf. Double click both of the folders and follow the instructions. Click on the desired Group or User names select and Deny permissions for users Note: Alternatively you could just add the name of the user or group you want to prevent from using USB #storage devices. Click YES to the security warning. Note: Remember that deny permission take precedence so inherited permission will not have any affect and that we are applying the permission directly #to a file so we don’t need to worry about inheritance from this object. go to run and type cmd, in the cmd window type "gpupdate /force" this will push the GPO out to the computers right away instead of waiting for 90 minutes, which is when the GPO checks for update by default. http://support.microsoft.com/kb/823732 http://www.grouppolicy.biz/2010/02/how-to-use-group-policy-to-disable-usb-drives-on-windows-xp CLASS MACHINE CATEGORY !!category CATEGORY !!categoryname POLICY !!policynameusb KEYNAME "SYSTEMCurrentControlSetServicesUSBSTOR" EXPLAIN !!explaintextusb PART !!labeltextusb DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynamecd KEYNAME "SYSTEMCurrentControlSetServicesCdrom" EXPLAIN !!explaintextcd PART !!labeltextcd DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST
NAME !!Disabled VALUE NUMERIC 1 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynameflpy KEYNAME "SYSTEMCurrentControlSetServicesFlpydisk" EXPLAIN !!explaintextflpy PART !!labeltextflpy DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynamels120 KEYNAME "SYSTEMCurrentControlSetServicesSfloppy" EXPLAIN !!explaintextls120 PART !!labeltextls120 DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY END CATEGORY END CATEGORY [strings] category="Custom Policy Settings" categoryname="Restrict Drives" policynameusb="Disable USB" policynamecd="Disable CD-ROM" policynameflpy="Disable Floppy" policynamels120="Disable High Capacity Floppy" explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver" explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver" explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver" explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver" labeltextusb="Disable USB Ports" labeltextcd="Disable CD-ROM Drive" labeltextflpy="Disable Floppy Drive" labeltextls120="Disable High Capacity Floppy Drive" Enabled="Enabled" Disabled="Disabled"
usbblocking in desktop laptop

Empfohlen

Group policy Best Practices
Group policy Best PracticesGroup policy Best Practices
Group policy Best Practices
Rob Dunn
 
Group policy preferences
Group policy preferencesGroup policy preferences
Group policy preferences
Rob Dunn
 
Securing Windows with Group Policy
Securing Windows with Group PolicySecuring Windows with Group Policy
Securing Windows with Group Policy
Josh Rickard
 
Group Policy
Group PolicyGroup Policy
Group Policy
Chris Watson
 
Exchange manage with scom
Exchange manage with scomExchange manage with scom
Exchange manage with scom
Gary Jackson
 
Group Policy Preferences, Templates, And Scripting
Group Policy Preferences, Templates, And ScriptingGroup Policy Preferences, Templates, And Scripting
Group Policy Preferences, Templates, And Scripting
Microsoft TechNet
 
Group policy management window server 2008r2
Group policy management window server 2008r2Group policy management window server 2008r2
Group policy management window server 2008r2
IGZ Software house
 
Group Policy Windows Server 2008
Group Policy Windows Server 2008Group Policy Windows Server 2008
Group Policy Windows Server 2008
Unitek Eduation
 

Empfohlen

Group policy Best Practices
Group policy Best PracticesGroup policy Best Practices
Group policy Best Practices
Rob Dunn
 
Group policy preferences
Group policy preferencesGroup policy preferences
Group policy preferences
Rob Dunn
 
Securing Windows with Group Policy
Securing Windows with Group PolicySecuring Windows with Group Policy
Securing Windows with Group Policy
Josh Rickard
 
Group Policy
Group PolicyGroup Policy
Group Policy
Chris Watson
 
Exchange manage with scom
Exchange manage with scomExchange manage with scom
Exchange manage with scom
Gary Jackson
 
Group Policy Preferences, Templates, And Scripting
Group Policy Preferences, Templates, And ScriptingGroup Policy Preferences, Templates, And Scripting
Group Policy Preferences, Templates, And Scripting
Microsoft TechNet
 
Group policy management window server 2008r2
Group policy management window server 2008r2Group policy management window server 2008r2
Group policy management window server 2008r2
IGZ Software house
 
Group Policy Windows Server 2008
Group Policy Windows Server 2008Group Policy Windows Server 2008
Group Policy Windows Server 2008
Unitek Eduation
 
wipe dell laptop windows 11
wipe dell laptop windows 11wipe dell laptop windows 11
wipe dell laptop windows 11
ssuser1eca7d
 
Windows server 2012 and group policy
Windows server 2012 and group policyWindows server 2012 and group policy
Windows server 2012 and group policy
Ravi Kumar Lanke
 
IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
blusmurfydot1
 
Useful Group Policy Concepts
Useful Group Policy ConceptsUseful Group Policy Concepts
Useful Group Policy Concepts
Rob Dunn
 
70 640 Lesson07 Ppt 041009
70 640 Lesson07 Ppt 04100970 640 Lesson07 Ppt 041009
70 640 Lesson07 Ppt 041009
Coffeyville Community College
 
Siri softwaretroubleshooting.doc
Siri softwaretroubleshooting.docSiri softwaretroubleshooting.doc
Siri softwaretroubleshooting.doc
sirikeshava
 
Hp storage
Hp storage Hp storage
Hp storage
Quemby
 
Windows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy ChangesWindows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy Changes
Eduardo Castro
 
Deploying office 2010 via group policy
Deploying office 2010 via group policyDeploying office 2010 via group policy
Deploying office 2010 via group policy
Naresh Gotad
 
Window 2003 server group policy AD
Window 2003 server group policy ADWindow 2003 server group policy AD
Window 2003 server group policy AD
sentmery5
 
Prestashop Backup Manager extension | Backup Manager Tool Prestashop
Prestashop Backup Manager extension | Backup Manager Tool PrestashopPrestashop Backup Manager extension | Backup Manager Tool Prestashop
Prestashop Backup Manager extension | Backup Manager Tool Prestashop
WebKul SoftWare LTD
 
Ad group policy1
Ad group policy1Ad group policy1
Ad group policy1
denogx
 
MDT Step public
MDT Step publicMDT Step public
MDT Step public
Jonathan Reckner
 
Ad msi-installation via Active Directory
Ad msi-installation via Active DirectoryAd msi-installation via Active Directory
Ad msi-installation via Active Directory
Kalai Mani
 
10 implementing GPOs
10 implementing GPOs10 implementing GPOs
10 implementing GPOs
Hameda Hurmat
 
Windows tuning guide_for_vspace
Windows tuning guide_for_vspaceWindows tuning guide_for_vspace
Windows tuning guide_for_vspace
kaduger
 
Magento 2 Frequently Bought Together
Magento 2 Frequently Bought TogetherMagento 2 Frequently Bought Together
Magento 2 Frequently Bought Together
MageAnts
 
Win Connections Group Policy Changes (Harold W)
Win Connections Group Policy Changes (Harold W)Win Connections Group Policy Changes (Harold W)
Win Connections Group Policy Changes (Harold W)
Harold Wong
 
Win Connections Group Policy Changes ( Harold W)
Win Connections Group Policy Changes ( Harold W)Win Connections Group Policy Changes ( Harold W)
Win Connections Group Policy Changes ( Harold W)
Harold Wong
 
Family Tree Explorer Manual
Family Tree Explorer ManualFamily Tree Explorer Manual
Family Tree Explorer Manual
soft Xpansion GmbH & Co. KG
 
Magento 2 GDPR Extension
Magento 2 GDPR ExtensionMagento 2 GDPR Extension
Magento 2 GDPR Extension
MageAnts
 
10 things group policy preferences does better
10 things group policy preferences does better10 things group policy preferences does better
10 things group policy preferences does better
Gol D Roger
 

Weitere ähnliche Inhalte

Was ist angesagt?

IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
blusmurfydot1
 

Was ist angesagt? (8)

wipe dell laptop windows 11
wipe dell laptop windows 11wipe dell laptop windows 11
wipe dell laptop windows 11
 
Windows server 2012 and group policy
Windows server 2012 and group policyWindows server 2012 and group policy
Windows server 2012 and group policy
 
IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
 
Useful Group Policy Concepts
Useful Group Policy ConceptsUseful Group Policy Concepts
Useful Group Policy Concepts
 
70 640 Lesson07 Ppt 041009
70 640 Lesson07 Ppt 04100970 640 Lesson07 Ppt 041009
70 640 Lesson07 Ppt 041009
 
Siri softwaretroubleshooting.doc
Siri softwaretroubleshooting.docSiri softwaretroubleshooting.doc
Siri softwaretroubleshooting.doc
 
Hp storage
Hp storage Hp storage
Hp storage
 
Windows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy ChangesWindows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy Changes
 

Ähnlich wie usbblocking in desktop laptop

Deploying office 2010 via group policy
Deploying office 2010 via group policyDeploying office 2010 via group policy
Deploying office 2010 via group policy
Naresh Gotad
 
Window 2003 server group policy AD
Window 2003 server group policy ADWindow 2003 server group policy AD
Window 2003 server group policy AD
sentmery5
 
Ad group policy1
Ad group policy1Ad group policy1
Ad group policy1
denogx
 
Ad msi-installation via Active Directory
Ad msi-installation via Active DirectoryAd msi-installation via Active Directory
Ad msi-installation via Active Directory
Kalai Mani
 
Win Connections Group Policy Changes ( Harold W)
Win Connections Group Policy Changes ( Harold W)Win Connections Group Policy Changes ( Harold W)
Win Connections Group Policy Changes ( Harold W)
Harold Wong
 
10 things group policy preferences does better
10 things group policy preferences does better10 things group policy preferences does better
10 things group policy preferences does better
Gol D Roger
 
How To Make System Work Faster
How To Make System Work FasterHow To Make System Work Faster
How To Make System Work Faster
Gaurav bhatnagar
 
DeepFreeze Update Loop
DeepFreeze Update LoopDeepFreeze Update Loop
DeepFreeze Update Loop
Timothy Reid
 

Ähnlich wie usbblocking in desktop laptop (20)

Deploying office 2010 via group policy
Deploying office 2010 via group policyDeploying office 2010 via group policy
Deploying office 2010 via group policy
 
Window 2003 server group policy AD
Window 2003 server group policy ADWindow 2003 server group policy AD
Window 2003 server group policy AD
 
Prestashop Backup Manager extension | Backup Manager Tool Prestashop
Prestashop Backup Manager extension | Backup Manager Tool PrestashopPrestashop Backup Manager extension | Backup Manager Tool Prestashop
Prestashop Backup Manager extension | Backup Manager Tool Prestashop
 
Ad group policy1
Ad group policy1Ad group policy1
Ad group policy1
 
MDT Step public
MDT Step publicMDT Step public
MDT Step public
 
Ad msi-installation via Active Directory
Ad msi-installation via Active DirectoryAd msi-installation via Active Directory
Ad msi-installation via Active Directory
 
10 implementing GPOs
10 implementing GPOs10 implementing GPOs
10 implementing GPOs
 
Windows tuning guide_for_vspace
Windows tuning guide_for_vspaceWindows tuning guide_for_vspace
Windows tuning guide_for_vspace
 
Magento 2 Frequently Bought Together
Magento 2 Frequently Bought TogetherMagento 2 Frequently Bought Together
Magento 2 Frequently Bought Together
 
Win Connections Group Policy Changes (Harold W)
Win Connections Group Policy Changes (Harold W)Win Connections Group Policy Changes (Harold W)
Win Connections Group Policy Changes (Harold W)
 
Win Connections Group Policy Changes ( Harold W)
Win Connections Group Policy Changes ( Harold W)Win Connections Group Policy Changes ( Harold W)
Win Connections Group Policy Changes ( Harold W)
 
Family Tree Explorer Manual
Family Tree Explorer ManualFamily Tree Explorer Manual
Family Tree Explorer Manual
 
Magento 2 GDPR Extension
Magento 2 GDPR ExtensionMagento 2 GDPR Extension
Magento 2 GDPR Extension
 
10 things group policy preferences does better
10 things group policy preferences does better10 things group policy preferences does better
10 things group policy preferences does better
 
How To Make System Work Faster
How To Make System Work FasterHow To Make System Work Faster
How To Make System Work Faster
 
Joomla 3 installation and management guide
Joomla 3 installation and management guideJoomla 3 installation and management guide
Joomla 3 installation and management guide
 
DeepFreeze Update Loop
DeepFreeze Update LoopDeepFreeze Update Loop
DeepFreeze Update Loop
 
Magento 2 Duplicate Category
Magento 2 Duplicate CategoryMagento 2 Duplicate Category
Magento 2 Duplicate Category
 
Tips and Tricks to Fix Google Chrome Crashes
Tips and Tricks to Fix Google Chrome CrashesTips and Tricks to Fix Google Chrome Crashes
Tips and Tricks to Fix Google Chrome Crashes
 
Using GPOs to Configure and Tune Desktops
Using GPOs to Configure and Tune DesktopsUsing GPOs to Configure and Tune Desktops
Using GPOs to Configure and Tune Desktops
 

Kürzlich hochgeladen

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 

Kürzlich hochgeladen (20)

How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 

usbblocking in desktop laptop

  • 1. Download the USB_removable_drives_ADM file (2kb) After downloading the .ADM file, read Adding New Administrative Templates to a GPO. You might also be interested in reading Disable Writing to USB Disks with GPO. Note: In order to successfully view and configure the new .ADM file settings you will need to change the default filtering view for the GPO Editor (or GPedit.msc). Unless you change these settings, the right pane will appear empty, even though it has the settings in it. Follow these steps: 1. In GPEdit.msc (or any other GPO Editor window you're using) click on View > Filtering. 1. Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok.
  • 2. 1. Now you will be able to see the new settings in the right pane:
  • 3. 1. You can now configure any of the above settings:
  • 4. An additional step that needs to be performed before the above tip will work has to do with modifying the file access permissions for 2 files. You need to remove the SYSTEM access permissions from the usbstor.sys and usbstor.inf files. You can do so by right clicking these files > Properties, then going to the Security tab. There you need to remove the line for the SYSTEM account.
  • 5. Note: Under some circumstances, the SYSTEM should have write access to these files during Service Pack installation. For example, when the SP is installed via GPO or SMS, the installation runs under the SYSTEM Account. Service Pack needs to replace the files to a new version and without proper write access to the file, installation will fail... Therefore, before each SP deployment we need to allow access to the SYSTEM account for these files. Adding .ADM files to the Administrative Templates in a GPO In order to add additional .ADM files to the existing Administrative Templates section in GPO please follow the next steps:
  • 6. 1. Open the Group Policy Management Console (or GPMC) from the Administrative Tools folder in the Stat menu, or by typing gpmc.msc in the Run command. Note: GPMC is not a built-in part of Windows 2000/XP/2003, and needs to be separately installed. You can download GPMC from the following link (Download GPMC), yet remember it can only be used effectively on Windows Server 2003-based Active Directory. If you do not have GPMC or cannot install it then you'll need to edit the GPO via the regular means, i.e. from Active Directory Users and Computers management tool (dsa.msc). 2. Right-click an existing GPO (or create an new GPO, then right-click on it) and select Edit.
  • 7.
  • 8.
  • 9. 3. Expand either the Computer settings or Users settings sections of the GPO. Go to the appropriate Administrative Templates section and rightclick it. Select Add/Remove Templates.
  • 10. 4. In the Add/Remove Templates window click Add.
  • 11. 5. Browse to the location of the required .ADM file and click Open.
  • 12. 6. In the Add/Remove Templates window notice that the new .ADM file is listed, then clickClose. Now re-open the Administrative Templates section and browse to the new settings location. Disabling GPO settings filtering Many custom Administrative Templates require you to remove the requirement to show policy settings that can be fully managed in the GPO editor. To do so follow the next steps: 1. After completing the above procedure, browse to the newly added Administrative Template section.
  • 13. Note that the section is indeed listed, however in the right-pane is empty. 2. Right-click an empty spot in the right pane and select View > Filtering. 3. In the Filtering window click to un-mark the "Only show policy settings that can be fully managed" option. Then click Ok. 4. Notice how the available options are now displayed in the right pane. You can now configure these options as you please. However, if the .ADM files were added, for example, when sitting on DC1, how do you make sure they are also replicated to DC2, DC3 and so on? Please let me know if I can solve this any other way or if im doing something wrong. Creating a GPO in Windows 2003 to block USB drives in Windows XP computer This GPO is going to block the usage of USB removable disks, while allowing mouse and keyboards to work. Creating and enabling .ADM file copy and paste the script in note pad written under the instructions and save them with .ADM format. Log into RADDC02 go to Start>>Administrative Tools>>Group Policy Management
  • 14. on the left pane select Computer Configuration>>Administrative Templates. Right Click Administrative Templates and select Add/ Remove Templates. Click on ADD go to the folder where you saved the .ADM file and add it to the Add/Remove Templates In GPEdit.msc (or any other GPO Editor window you're using) click on View > Filtering. Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok Click on Computer Configuration>>Administrative templates>>Custom Policy Settings>>Restrict Drives>>Disable USB Removable Drivers Select Enabled from the drop down menu for usbstore.sys driver status select Stopped Creating a new registry entry in the local computer through GPO go to Computer Configuration>>Windows Settings>>Registry. Right Click select Add Key select MACHINE>>SYSTEM/CurrentControlSet>>Services>>USBSTOR>Security then click OK under object name double click on MachineSYSTEMCurrentControlSetServicesUSBSTORSecurity click on Edit Security Click on the desired Group or User names select and Deny permissions for users Note: Alternatively you could just add the name of the user or group you want to prevent from using USB #storage devices. . Click YES to the security warning. Note: Remember that deny permission take precedence so inherited permission will not have any affect and that we are applying the permission directly to a #file so we don’t need to worry about inheritance from this object. Modifying USBSTOR files . Go to Computer Configuration>>Administrative Templates>>File System. Right click and Add File and go to the following paths “C:WindowsInfUsbstor.pnf and “C:WindowsInfUsbstor.inf. Double click both of the folders and follow the instructions. Click on the desired Group or User names select and Deny permissions for users Note: Alternatively you could just add the name of the user or group you want to prevent from using USB #storage devices. Click YES to the security warning. Note: Remember that deny permission take precedence so inherited permission will not have any affect and that we are applying the permission directly #to a file so we don’t need to worry about inheritance from this object. go to run and type cmd, in the cmd window type "gpupdate /force" this will push the GPO out to the computers right away instead of waiting for 90 minutes, which is when the GPO checks for update by default. http://support.microsoft.com/kb/823732 http://www.grouppolicy.biz/2010/02/how-to-use-group-policy-to-disable-usb-drives-on-windows-xp CLASS MACHINE CATEGORY !!category CATEGORY !!categoryname POLICY !!policynameusb KEYNAME "SYSTEMCurrentControlSetServicesUSBSTOR" EXPLAIN !!explaintextusb PART !!labeltextusb DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynamecd KEYNAME "SYSTEMCurrentControlSetServicesCdrom" EXPLAIN !!explaintextcd PART !!labeltextcd DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST
  • 15. NAME !!Disabled VALUE NUMERIC 1 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynameflpy KEYNAME "SYSTEMCurrentControlSetServicesFlpydisk" EXPLAIN !!explaintextflpy PART !!labeltextflpy DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynamels120 KEYNAME "SYSTEMCurrentControlSetServicesSfloppy" EXPLAIN !!explaintextls120 PART !!labeltextls120 DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT NAME !!Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY END CATEGORY END CATEGORY [strings] category="Custom Policy Settings" categoryname="Restrict Drives" policynameusb="Disable USB" policynamecd="Disable CD-ROM" policynameflpy="Disable Floppy" policynamels120="Disable High Capacity Floppy" explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver" explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver" explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver" explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver" labeltextusb="Disable USB Ports" labeltextcd="Disable CD-ROM Drive" labeltextflpy="Disable Floppy Drive" labeltextls120="Disable High Capacity Floppy Drive" Enabled="Enabled" Disabled="Disabled"