| Author | Messages | |
DamianCrosby
Posts:25
 | | 10/21/2010 11:04 AM |
| What's the weakness with GPP device controls? It does disable the driver in device manager and I cannot see it within explorer..Additionally I am unable to enable the device within device manager...So how could I turn this preference off?
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: 19 October 2010 18:17
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Device Control User Targeted8.4785
Alan-
I presume that the specific policy you're referring to is "Restrict access to drives in My Computer"? If so, then I can simply open a command prompt and get access to any drives I wish. Or are you thinking of a different policy?
Darren
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hutchinson, Alan
Sent: Tuesday, October 19, 2010 9:55 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Device Control User Targeted8.4785
Darren,
I know that the hide drives is, as you say, 'Explorer Obfustication' - I've certainly found ways through, but I've not been able to get around the 'restrict access' one. Would love to know how to do it.
Regards,
Alan.
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: 19 October 2010 17:46
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Device Control User Targeted8.4785
The downside to those policies is that they are actually not foolproof at all. They are merely "Explorer obfuscation", and depending upon which APIs an application uses, they can be good or completely useless.
Darren
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hutchinson, Alan
Sent: Tuesday, October 19, 2010 9:39 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Device Control User Targeted8.4785
If you turn it on it's head, so to speak, and know the drives that a user has legitimate access to then there is the 'hide drives' and 'restrict access to drives' GPOs.
If taht doesn't make sense I can expand.
Regards,
Alan.
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of MCCARTHY Sean (AXA-TECH-UK)
Sent: 19 October 2010 14:56
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Device Control User Targeted8.4785
Hi Damian,
This can be configured under devices in GPP,
Although not the most secure method of doing it (most companies use applications such as device locker etc)
Thanks,
Sean
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Crosby, Damian
Sent: 19 October 2010 14:50
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Device Control User Targeted8.4785
We have a requirement to use GPO in this scenario....
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Michael Grady
Sent: 19 October 2010 14:46
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Device Control User Targeted8.4785
There are a number of 3rd party products that do just this, including memory sticks, usb ports, etc.
Michael K. Grady
Chairman
Gracon Services, Inc.
4265 Okemos Rd., Suite A
Okemos, MI 48864
xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
(Tel)517-349-4900
(Fax)517-349-0983
DISCLAIMER:
This message may contain confidential information and is intended only for its recipient(s). If you have received this email by error, please delete this e-mail from your system.
>>> On 10/19/2010 at 9:39 AM, in message <xxxxxxxxxxxxxxxx>, "Crosby, Damian" <xxxxxxxxxxxxxxxx> wrote:
Hi,
Does anyone have any smarts about how to deal with endpoint control (for example disabling a floppy drive) but target this at the user so the policy follows the user irrespective of _where_ the user logs on?
Device control settings are typically aimed at the machine as they are integral device drivers that need to be configured at machine boot / startup...Hs anyone attempted this via GPO scoped / filtered at a user / group of users.
Thanks.
Damian.
________________________________
NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers. If you cannot access these links, please notify us by reply message and we will send the contents to you. By messaging with Morgan Stanley you consent to the foregoing.
________________________________
NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers. If you cannot access these links, please notify us by reply message and we will send the contents to you. By messaging with Morgan Stanley you consent to the foregoing.
This email originates from AXA Technology Services UK Limited (reg. no. 1854856) which has its registered office at 5 Old Broad Street, London EC2N 1AD, England.
This message and any files transmitted with it are confidential and intended solely for the individual or entity to whom they are addressed. If you have received this in error, you should not disseminate or copy this email. Please notify the sender immediately and delete this email from your system.
Please also note that any opinions presented in this email are solely those of the author and do not necessarily represent those of The AXA UK Plc Group.
Email transmission cannot be guaranteed to be secure, or error free as information could be intercepted, corrupted, lost, destroyed, late in arriving or incomplete as a result of the transmission process. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission.
Finally, the recipient should check this email and any attachments for viruses. The AXA UK Plc Group accept no liability for any damage caused by any virus transmitted by this email.
--------------------------------------------------------------------------
NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers. If you cannot access these links, please notify us by reply message and we will send the contents to you. By messaging with Morgan Stanley you consent to the foregoing.
| | | |
|
|