• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Device Installation Restriction Policy

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
prison.ito
Just Arrived
Just Arrived


Joined: 11 Oct 2012
Posts: 4


Offline

PostPosted: Thu Oct 11, 2012 4:00 am    Post subject: Device Installation Restriction Policy Reply with quote

I have enabled the following:
allow administrators to override device installation
allow installation of devices that match these device IDs
prevent installation of devices not described by other policys

and indicated the authorised device in the policy but when the policy is applied any new removable device inserted in the computer is still opening can someone please indicate what I am doing wrong[/list]
Back to top
View user's profile Send private message
WHUK_Barb
Just Arrived
Just Arrived


Joined: 15 Oct 2012
Posts: 5
Location: Leeds, UK

Offline

PostPosted: Mon Oct 15, 2012 2:20 pm    Post subject: Reply with quote

Use the SHIFT key to suppress the autorun feature by pressing. This needs to be done while inserting a USB drive. Then, right click on the icon in Explorer and select Explore to access the contents of the drive. Mind that this is just a a one-time action.

NOTE : Never double-clicking your USB drive icon in Explorer.

Then go to Go to the Group Policy Editor to define user and computer configurations for groups of users and computers. Here's how you do that :

1. Open GPEditor via Start >> Run >> Enter gpedit.msc in the Run box.
2. Navigate to Computer Configuration Administrative Templates System.
3. Highlight System on the left hand pane. On the right hand pane, go down to the entry Turn off Autoplay and double click on it.
4. Select the Enabled radio button, then for the Turn off Autoplay on dropdown, select All drives.

This should stop the pen drive from automatically playing the portable device.

Well, if you have good hands on Windows, you may even do that from the registry. Here's how to do that :-

- Launch the Registry Editor by typing regedit in the Run box (Start >> Run)
- On the left hand pane, keep expanding the entries by clicking on the + sign. Search for this entry HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
- For this registry entry, go to the right panel and double click the NoDriveTypeAutoRun registry key.
- Change the Value data to FF for Hexadecimal or 255 for Decimal value.
- Click OK to close the registry editor and Restart the computer.[/b]
Back to top
View user's profile Send private message Visit poster's website
prison.ito
Just Arrived
Just Arrived


Joined: 11 Oct 2012
Posts: 4


Offline

PostPosted: Tue Oct 16, 2012 6:06 pm    Post subject: Device Installation Restriction Reply with quote

I tried what you suggested. I am applying this policy via gpo. The removable devices are still accessible? Any other suggestions?
Back to top
View user's profile Send private message
WHUK_Barb
Just Arrived
Just Arrived


Joined: 15 Oct 2012
Posts: 5
Location: Leeds, UK

Offline

PostPosted: Wed Oct 17, 2012 5:57 am    Post subject: Reply with quote

Hmmm that's strangely interesting. No worries, can you please let us know the OS version you have ? should be helpful when digging deeper into the problem. Just trying to gather evidences as of now, can't tell you surely about the solution as of now. I was actually expecting the procedure as stated in my last reply to work.

Anyways, lets gather some info. first and then we can hit the issue.
Back to top
View user's profile Send private message Visit poster's website
prison.ito
Just Arrived
Just Arrived


Joined: 11 Oct 2012
Posts: 4


Offline

PostPosted: Sun Oct 28, 2012 5:40 am    Post subject: Device Installation Restriction Reply with quote

Windows Server 2008 R2
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register