Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Vista

Group Policy Settings (part 3) - Managing Device Installation

- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/14/2011 10:14:34 PM

Managing Device Installation

Another powerful control within a GPO that you have over users is the management device installations. This has been a security concern for years. How do you keep users from using USB thumb drives and USB CD/DVD burners to take copies of confidential data and programs away from the office? I have heard of companies actually gluing the USB mouse and keyboard into the USB ports and then filling all other USB ports with glue just to prevent the use of USB thumb drives that could be used to steal confidential data. Not exactly the perfect solution, but one that addresses the security vulnerability. But now what do you do if the mouse or keyboard fails?

Windows Vista and Windows Server 2008 have addressed and solved this problem through new GPO settings that can control what types of devices can be installed by users, by administrators, or both. These Device Installation GPO settings can be configured on a Windows Vista or Windows Server 2008 computer under Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions, as shown in Figure 6.

Figure 6. Setting the Device Installation Restriction policies.

Standard users are not allowed to install many devices. However, by default, they can install a handful of devices, like USB thumb drives.

Devices are identified by Setup Classes (a Registry key) or by Device IDs (a more descriptive label for the devices). By using these identification values, you can configure Prevent Installation policies to include USB thumb drives and other types of devices, as shown in Figure 7.

Figure 7. Preventing installation of devices that match any of these Device IDs.


You can configure a GPO to establish a default Prevent Installation of Devices Not Described by Other Policy Settings policy, and then you can configure Allow Installation policies only for specific devices that you want users to be able to install.

The Prevent Installation of Devices Not Described by Other Policy Settings policy setting disallows even an administrator from installing restricted devices. If you need to allow administrators to install restricted devices, you must enable the Allow Administrators to Override Device Installation Restriction Policies, as shown in Figure 8, and link it to the appropriate AD container (site, domain, or OU).

Figure 8. Setting Allow Device Installation policies for users and for administrators.
Other -----------------
- Group Policy Settings (part 1) - Desktop Settings & Software Deployment by GPO
- Group Policy Object Overview (part 2) - Applying GPOs to a Computer and User in an AD Environment
- Group Policy Object Overview (part 1) - Building a Local Computer Policy & The Domain Member Computer
- User Account Control (UAC)
- Troubleshoot Authentication Issues - SmartCards
- Configure and Troubleshoot Access to Resources (part 4) - Securing Network Traffic for Remote Desktop Protocol (RDP) Access
- Configure and Troubleshoot Access to Resources (part 3) - IPSec for Securing Network Traffic on the Local LAN
- Configure and Troubleshoot Access to Resources (part 2) - Printer Sharing
- Configure and Troubleshoot Access to Resources (part 1) - Permissions
- Windows Update (part 4) - Troubleshooting Updates
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server