Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander Shishenko2013-07-17 09:37:46
Information Security
Alexander Shishenko, 2013-07-17 09:37:46

Allow only certain USB drives in Windows

The problem is this: We have an account of flash media in our organization. Computers (running Windows, starting with XP) are not allowed to insert unauthorized devices.

Actually, the question is: how to prohibit the use of them?

The situation is complicated by the fact that the organization does not have a common network, that is, group policies / DeviceLock and others work exactly until the moment when you need to add one more device to all computers (And there are, for a moment, several thousand).
Maybe there are some solutions, for example, a file indicating the serial number, signed by our key on the hidden section of the flash drive, according to which the software understands whether to mount it or not?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

7 answer(s)
Report
P
Pavel Zagrebelin, 2013-07-17
@Zagrebelion

Several thousand computers without a single network, but with the need for centralized management - this is called hell.

Report
A
Akr0n, 2013-07-18
@Akr0n

It can be done purely by means of Windows, but from experience I can say that sometimes it causes random problems in the system.
The registry has a branch HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR, which stores information about installed USB drives, clean the branch, plug in the necessary flash drives, let them install, and then take away the user's rights to this branch, after that Windows simply won't be able to install a new disk.
Also in the system folder there is a file responsible for something similar, you also need to cut the rights to it after installing %\WINDOWS\Inf, usbstor.inf and usbstor.pnf files.

Report
J
joneleth, 2013-07-17
@joneleth

I don't think there is such a thing. Because the idea is pretty pointless. What prevents you from carrying information on an official medium?

Report
X
xmoonlight, 2013-07-17
@xmoonlight

Do you have a policy: "everything is allowed except ..."?
By the way, is it forbidden to take pictures of the monitor or print what is needed on the printer (binaries - in mail mime format)?

Report
M
Mikhail Tchervonnko, 2013-07-17
@RusMikle

It is technically possible to write your own service that hangs in Windows and checks the serial numbers of inserted flash drives. If the number is not registered, it disables them.

Report
C
Che13, 2013-07-18
@Che13

The option is somewhat simpler, available out of the box, but requires Windows 7 or Windows Server 2008:
1. Ru.Wiki
2. En.Wiki
3. Article

Report
I
impass, 2013-07-21
@impass

GFI EndPointSecurity
DeviceLock
More functional products, at the same time supported by a "paper":
Secret Net
There is a "Security Server" for centralized management of workstations.
Dallas Lock
Declared "Remote administration of workplaces".

Similar questions
A
Alex_82020-03-12 19:11:18
How to create image switchers on a website in Elementor Page Builder (Wordpress)? 1Reply
V
Vadim2019-08-29 18:31:01
How to protect a Websocket based site from DDoS attacks? 2Reply
H
hui_s_gory2015-04-01 19:55:33
How to access I2P through NAT provider? 1Reply
A
Anton R.2019-09-03 10:21:30
Visits to the site from a strange IP, what could it be? 1Reply
T
Thiago Alvarez2019-09-07 21:26:31
Is my host constantly pinged? DDOS? what is this? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question