G
G
Grigory Bondarenko2021-06-30 19:50:56
Information Security
Grigory Bondarenko, 2021-06-30 19:50:56

How to restrict access to USB tokens on a Windows Server 2019 terminal?

There is a remote desktop server on Windows Server 2019. USB tokens with company seals are inserted into the server. Only accountants who stamp accounting documents in Medka need to work with them. But besides accountants, a lot of people work in the terminal. How to prohibit the use of a token by all users, except for accountants?

Answer the question

In order to leave comments, you need to log in

7 answer(s)
D
Drno, 2021-06-30
@Drno

This, of course, is not an answer - but password-protect tokens and distribute passwords to current booms?)

A
Alexey Dmitriev, 2021-06-30
@SignFinder

Disable through local policies or GPO access to usb devices for everyone except the necessary accounts / groups

V
Vladimir Korotenko, 2021-06-30
@firedragon

It is normal practice to create a virtual machine only for bukhs and let them carry tokens with them

R
rPman, 2021-06-30
@rPman

If the usb token is a flash drive with files (and most likely it is, but I have seen strange options for a long time), then you can resolve it through file permissions by formatting the flash drives under ntfs and setting the access rights to the root directory only for a group of accountants

A
AntHTML, 2021-07-01
@anthtml

And what kind of tokens are they and can they be forwarded through the RDP / network
In general, only licensed HASPs should be inserted into the server for good? And
all bank / tax digital signatures are now equated by law with a real paper signature of a person (accountant)
, or something else. And tell users to insert a token only when they need to sign something. Otherwise, anyone can sign their signature, and they will answer in any case

A
Alexander Chernykh, 2021-07-02
@sashkets

forward tokens via rdp from the workplace of boo

U
Uncle Seryozha, 2021-10-02
@Protos

Worst idea to leave a token unattended even on a super isolated server

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question