In this post we will learn the steps to disable USB Ports Using Group Policy. USB( Universal Serial Bus) is most common use for each and every one. USB is Most common way to establish connection between Pc and USB. Use of USB you can connect Extra Hard disk, Printer, Pan drive,Scanner etc.
Most of case Laptop having 3 to 5 USB post and Desktop having 4 to 6 ports. but If you want increase USB post then you can use External USB hub.
For securing the network of the company, most organizations limit access to removable drives by disabling USB ports.Disable removable disk would prevent the threat of stealing confidential data or inject virus in the network therefore organizations disable USB ports.
In this post we will learn how to disable USB with help of Group Policy and also see how to assign read only permission to USB Drive and block execution of .exe files.
Let's start How to disable USB Devices using Group Policy.
Step 1 :- Launch the Group Policy Management tool on the domain controller, right clickGroup Policy Objects, click New.Give name of GPO and Click On.Example i have assign name of GPO as Block USB Devices.
Step 1 :- Launch the Group Policy Management tool on the domain controller, right clickGroup Policy Objects, click New.Give name of GPO and Click On.Example i have assign name of GPO as Block USB Devices.
Step 2 :-Right-click the policy and click Edit. This will open the Group Policy Management Editor group. Go to Computer Configuration \ Policies \ Administrative Templates \ System \ Removable Storage Access. This is the place where the device configuration access toremovable storage. A lot of USB devices for multiple adjustments, however we will set up an environment All Removable Storage classes: Deny access.
Step 3:- Right click on the setting All Removable Storage classes: Deny access and clickEdit. If this policy is enabled then access to any kind of removable storage that is connected to the computer will be locked. Click Enabled and click Apply, then OK.
Step 4:- Do you still have to create a Group Policy object, the next step is to link the GPO to the OU container that contains the computer accounts and all USB devices will be blocked. Right-click the OU and click the link current GPO.
Step 5:-From the list select the USB policy GPO Block USB devices and click OK.
Step 6:- An upgrade of the group's policy on the client using the gpupdate / force command. Connect any USB device to your computer and you should see the message as access is denied. The policy applied users can not mount any kind of removable media.
source: https://ravirajsinhv.blogspot.in/2016/06/how-to-disable-usb-devices-using-group.html
Mình đang gặp vấn đề cho GPO như hướng dẫn của Admin, khi delect policy trên domain thì client vẫn còn bị cấm truy cập Usb, client dùng window 7, khi tạo thêm GPO cho phép sử dụng USB thì cũng không truy cập được, dùng rsop.msc đê xem và gpresult /r vẫn thấy cho phép truy cập usb, nhưng vẫn không thể truy cập được, xin được giúp được, có cách nào reset gpo client theo User không
ReplyDeletebạn đã chạy lệnh gpupdate trên server chưa? rồi thử dùng lệnh gpupdate đó trên client xem có tác dụng ko?
Delete