Thursday, December 23, 2004

ADM for restricting USB

In Group Policy you can restrict USB on client machines by making a new ADM. The first is for XP/SP2 and the second for Pre SP2 machines.
CLASS MACHINE
CATEGORY "USB Storage"
POLICY "Write Protect USB Storage"
KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
VALUENAME "WriteProtect"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
CLASS MACHINE
CATEGORY "USB Storage"
POLICY "Disable USB Storage"
KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
VALUENAME "Start"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 3
END POLICY
END CATEGORY

No comments:

Post a Comment