Author: rlm1123 (Posts: 1), 12/16/2009 1:48 PM
Darren, I've been reading the posts concerning the USB disabling, we are being required to do that for the US Air Force starting here at AMC at Scott AFB, IL. I'm curious, what is this GP Preferences you referred to Peter?
//signed// ROY MILLER, CTR NCI Systems, Inc 561 NOS Det 3\DOSD DSN: 576-5055 COM: 618-256-5055 xxxxxxxxxxxxxxxx
-----Original Message----- From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, November 03, 2009 8:56 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] USB drive diabling
Peter-
Have you deployed GP Preferences in your environment? If so, you may be able to get around this using its Registry Extension and item-level targeting. In addition, Vista provides per-user removable storage management within Admin. Templates, so this should not be an issue at all on those machines.
Darren
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Peter Johnson Sent: Tuesday, November 03, 2009 2:19 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] USB drive diabling
Hi Michael
My issue is that I can't apply this template at a user level so I've got no way of filtering it based on users. I've got it working and I can create a group of machines that it won't apply to but then when a user who should be able to use a usb stick logs onto that machine he's not going to be able to because machine configuration policies, if I understand it correctly, completely ignore User Filtering.
It's a chicken and egg thing :(
Kind Regards
Peter Johnson I.T Architect United Kingdom: +44 1285 65842 South Africa: +27 11 252 1100 Swaziland: +268 442 7000 Fax:+27 11 974 7130 Mobile: +2783 306 0019 xxxxxxxxxxxxxxxx
This email message (including attachments) contains information which may be confidential and/or legally privileged. Unless you are the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message or from any attachments that were sent with this email, and If you have received this email message in error, please advise the sender by email, and delete the message. Unauthorised disclosure and/or use of information contained in this email may result in civil and criminal liability. Everything in this e-mail and attachments relating to the official business of Peterstow Aquapower is proprietary to the company.
Caution should be observed in placing any reliance upon any information contained in this e-mail, which is not intended to be a representation or inducement to make any decision in relation to Peterstow Aquapower. Any decision taken based on the information provided in this e-mail, should only be made after consultation with appropriate legal, regulatory, tax, technical, business, investment, financial, and accounting advisors. Neither the sender of the e-mail, nor Peterstow Aquapower shall be liable to any party for any direct, indirect or consequential damages, including, without limitation, loss of profit, interruption of business or loss of information, data or software or otherwise.
The e-mail address of the sender may not be used, copied, sold, disclosed or incorporated into any database or mailing list for spamming and/or other marketing purposes without the prior consent of Peterstow Aquapower.
No warranties are created or implied that an employee of Peterstow Aquapower and/or a contractor of Peterstow Aquapower is authorized to create and send this e-mail.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dzikowski, Michael Sent: 02 November 2009 17:47 To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] USB drive diabling
N00b! :)
JK. Good questions....
1. You could do either a WMI query in your policy or Scope the policy to apply to specific groups.
2. You could use loopback to apply user policies at the computer level http://support.microsoft.com/kb/231287
3. Machine policies don't care who is logged onto the machine. Like you're thinking, maybe loopback would help with that...
4. Shouldn't if you get this to work at a user level with loopback.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Peter Johnson Sent: Monday, November 02, 2009 8:51 AM To: xxxxxxxxxxxxxxxx Subject: RE: [gptalk] USB drive diabling
I've played with the Daniel Petri article a bit and have a couple of questions which may come across as a bit newbie but I'm just covering my bases:
1.) I've imported the adm file and noticed it applies to computers and not users. Is there a way to get it to apply to users or can I filter this with user groups to ensure that only certain users get the policy applied?
2.) Can I do this by enabling loopback processing?
3.) If this policy is applied to the machine and USB sticks etc. are disabled and another user, who's entitled to have the USB storage devices available, logs in, will the policy be reversed or will tattooing cause the policy to stick?
4.) Will I need to create a policy that's the reverse of the one that is disabling the USB sticks to re-enable them for certain users?
Any assistance would be greatly appreciated.
Thanks
Peter Johnson
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Peter Johnson Sent: 02 November 2009 11:55 To: xxxxxxxxxxxxxxxx Subject: [gptalk] FW: USB drive diabling
Sorry for the horrible typing. That should of course be USB Drive disabling.
Kind Regards
Peter Johnson I.T Architect United Kingdom: +44 1285 65842 South Africa: +27 11 252 1100 Swaziland: +268 442 7000 Fax:+27 11 974 7130 Mobile: +2783 306 0019 xxxxxxxxxxxxxxxx
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Peter Johnson Sent: 02 November 2009 11:46 To: xxxxxxxxxxxxxxxx Subject: [gptalk] USB drive diabling
Hi Guys
I've been tasked with deploying a GPO to disable the use of USB memory sticks on certain specific machines/users within my org.
I've got a mixture of Vista and XP SP3 machines in the environment.
I've located Daniel Petri's article on how to do this in Windows XP and will be trying that. Anyone got any pointers on how to do this in Vista and Win 7? I'm new to this side of GPOs and any help would be appreciated. Also any gotchas etc. to watch out for?
Thanks
Peter
============================================================================== CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies.
Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy Policy and Henry Ford My Health at www.henryford.com for more detailed information. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us.
==============================================================================
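A check for the machine-versus-user scoping question raised in this thread, added here as an example and not part of any poster's message: it reports which removable-storage restrictions are present on a machine and at which scope. The registry locations (the USBSTOR service `Start` value and the `RemovableStorageDevices` policy keys) are assumptions not named in the thread, and the function names are hypothetical.

```powershell
# Added example. Registry locations are assumptions (not named in the thread).
$diskClass = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'  # removable disks device class

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding {
    param($Scope, $Setting, $Value, [bool]$Blocks)
    [pscustomobject]@{ Scope = $Scope; Setting = $Setting; Value = $Value; Blocks = $Blocks }
}

function Get-UsbStorageState {
    # 1. USBSTOR driver start type: 3 = load on demand, 4 = disabled.
    #    Machine-wide: it affects every user who logs on.
    $start = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
    New-Finding 'Machine' 'USBSTOR\Start' $start ($start -eq 4)

    # 2. Removable Storage Access policy values (Vista and later), which exist
    #    under both Computer (HKLM) and User (HKCU) configuration.
    foreach ($hive in 'HKLM', 'HKCU') {
        $scope = if ($hive -eq 'HKLM') { 'Machine' } else { 'User' }
        $base  = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices"

        $all = Get-RegValue $base 'Deny_All'
        New-Finding $scope 'Deny_All' $all ($all -eq 1)

        foreach ($name in 'Deny_Read', 'Deny_Write') {
            $value = Get-RegValue "$base\$diskClass" $name
            New-Finding $scope "RemovableDisks\$name" $value ($value -eq 1)
        }
    }
}

Get-UsbStorageState | Format-Table -AutoSize
```

The `USBSTOR\Start` value lives outside the `Policies` keys, so a setting written there stays in place after the GPO stops applying; run the check as the affected user to see that user's `HKCU` policy values.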