Thread: Storage devices access controls
2010-05-16, 20:04 #1
Because of a serious security breach, I have been instructed to make all (Windows XP) internal and external storage devices read-only for my users. I used Safe Mode to limit user hard drive access to read, list, and read and execute. I couldn't find a way to do this with the floppy and optical drives. I have searched through both Computer Management and Policy without finding anything that could perform these two tasks.
I looked through Computer Management and Policy but found nothing.
I have directions to prevent users from attaching their own USB drives by editing the Registry as discussed below. (This really isn't what I want to do. I have no objection to a user attaching a flash drive in order to print a document. The following is the only instruction I have.)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor, clicking Start and typing 4 in the value box. I could restore access by returning the value to 3. However, when I opened Start, the default value shown was 1. I changed it to 2... and found that I couldn't access the USB drives in the Administrator account.
When I looked through CurrentControlSet, I found these entries:
1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk
2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDROM
Both of these had Start files with value boxes in them. The default values were 1.
(Can any of this actually be accomplished?)
I would greatly appreciate some help with these items.
BTW: When I was notified of the need to make the foregoing changes, the IT Powers That Be disabled our Internet access. I was given to understand that I should forget about restoring it until I have made and demonstrated the changes. A colleague who was given the above requirements asked what he should do. He was told to figure it out himself.
2010-05-16, 22:24 #2
Wow!! Sounds like a complete over-reaction. My sympathies. Hope someone is trying to get at the root of the problem.
If you really have just CDROM or DVDROM drives you do not need to worry about them. They are read only by definition.
For the other types of drives all you can do is disable access. You can't know the volumes being attached or inserted ahead of time so you can't make them read only.
See the free utilities at Downloads :: IntelliAdmin - Remote Administration For Windows.
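Added example, not part of either post: a Python check that reads a regedit export (text already decoded) and reports whether the Start value of the storage driver keys named in the thread matches a wanted setting. The sample export and the policy of 4 for all three keys are constructed for illustration; the names in START_TYPES are the standard Windows service start types.

```python
import re

# Standard Windows service/driver start types stored in the "Start" DWORD.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
SERVICES_PREFIX = r"hkey_local_machine\system\currentcontrolset\services" + "\\"
# Hypothetical policy for this example: all three storage drivers disabled.
POLICY = {"UsbStor": 4, "Flpydisk": 4, "CDROM": 4}

# Constructed sample in regedit export format; not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor\Enum]
"Count"=dword:00000001
'''

def read_start_values(reg_text):
    """Return {service name (lowercase): Start value} from a .reg export."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key names are case-insensitive
            name = key[len(SERVICES_PREFIX):] if key.startswith(SERVICES_PREFIX) else ""
            # Only the service's own key counts, not subkeys such as \Enum.
            current = name if name and "\\" not in name else None
        elif current:
            m = re.fullmatch(r'"start"=dword:([0-9a-f]{8})', line.lower())
            if m:
                values[current] = int(m.group(1), 16)
    return values

def audit(reg_text, policy=POLICY):
    """Compare exported Start values with the wanted ones; return findings."""
    found = read_start_values(reg_text)
    findings = []
    for service, wanted in policy.items():
        actual = found.get(service.lower())
        if actual is None:
            findings.append((service, "missing", "key or Start value not in export"))
        elif actual != wanted:
            detail = f"Start={actual} ({START_TYPES.get(actual, 'unknown')}), wanted {wanted}"
            findings.append((service, "mismatch", detail))
    return findings
```

Calling `audit(SAMPLE_EXPORT)` returns one tuple per key that is absent from the export or whose Start value differs from the policy.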