Answer the question
In order to leave comments, you need to log in
How to restrict access to USB tokens on a Windows Server 2019 terminal?
There is a remote desktop server on Windows Server 2019. USB tokens with company seals are inserted into the server. Only accountants who stamp accounting documents in Medka need to work with them. But besides accountants, a lot of people work in the terminal. How to prohibit the use of a token by all users, except for accountants?
Answer the question
In order to leave comments, you need to log in
This, of course, is not an answer - but password-protect tokens and distribute passwords to current booms?)
Disable through local policies or GPO access to usb devices for everyone except the necessary accounts / groups
It is normal practice to create a virtual machine only for bukhs and let them carry tokens with them
If the usb token is a flash drive with files (and most likely it is, but I have seen strange options for a long time), then you can resolve it through file permissions by formatting the flash drives under ntfs and setting the access rights to the root directory only for a group of accountants
And what kind of tokens are they and can they be forwarded through the RDP / network
In general, only licensed HASPs should be inserted into the server for good?
And
all bank / tax digital signatures are now equated by law with a real paper signature of a person (accountant)
, or something else. And tell users to insert a token only when they need to sign something. Otherwise, anyone can sign their signature, and they will answer in any case
Worst idea to leave a token unattended even on a super isolated server
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question