Device Installation Restriction Policy

Networking/Security Forums -> General Security Discussion

Author: prison.ito PostPosted: Thu Oct 11, 2012 4:00 am    Post subject: Device Installation Restriction Policy
    ----
I have enabled the following:
allow administrators to override device installation
allow installation of devices that match these device IDs
prevent installation of devices not described by other policys

and indicated the authorised device in the policy but when the policy is applied any new removable device inserted in the computer is still opening can someone please indicate what I am doing wrong[/list]

Author: WHUK_BarbLocation: Leeds, UK PostPosted: Mon Oct 15, 2012 2:20 pm    Post subject:
    ----
Use the SHIFT key to suppress the autorun feature by pressing. This needs to be done while inserting a USB drive. Then, right click on the icon in Explorer and select Explore to access the contents of the drive. Mind that this is just a a one-time action.

NOTE : Never double-clicking your USB drive icon in Explorer.

Then go to Go to the Group Policy Editor to define user and computer configurations for groups of users and computers. Here's how you do that :

1. Open GPEditor via Start >> Run >> Enter gpedit.msc in the Run box.
2. Navigate to Computer Configuration – Administrative Templates ““ System.
3. Highlight System on the left hand pane. On the right hand pane, go down to the entry – Turn off Autoplay and double click on it.
4. Select the Enabled radio button, then for the Turn off Autoplay on dropdown, select All drives.

This should stop the pen drive from automatically playing the portable device.

Well, if you have good hands on Windows, you may even do that from the registry. Here's how to do that :-

- Launch the Registry Editor by typing regedit in the Run box (Start >> Run)
- On the left hand pane, keep expanding the entries by clicking on the + sign. Search for this entry ““ HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
- For this registry entry, go to the right panel and double click the NoDriveTypeAutoRun registry key.
- Change the Value data to FF for Hexadecimal or 255 for Decimal value.
- Click OK to close the registry editor and Restart the computer.[/b]

Author: prison.ito PostPosted: Tue Oct 16, 2012 6:06 pm    Post subject: Device Installation Restriction
    ----
I tried what you suggested. I am applying this policy via gpo. The removable devices are still accessible? Any other suggestions?

Author: WHUK_BarbLocation: Leeds, UK PostPosted: Wed Oct 17, 2012 5:57 am    Post subject:
    ----
Hmmm that's strangely interesting. No worries, can you please let us know the OS version you have ? should be helpful when digging deeper into the problem. Just trying to gather evidences as of now, can't tell you surely about the solution as of now. I was actually expecting the procedure as stated in my last reply to work.

Anyways, lets gather some info. first and then we can hit the issue.

Author: prison.ito PostPosted: Sun Oct 28, 2012 5:40 am    Post subject: Device Installation Restriction
    ----
Windows Server 2008 R2



Networking/Security Forums -> General Security Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group