downloadkid
IS-IT--Management
Ok, I'm sure there must be an answer because I can't believe MS has left such a gaping hole in their system.
I've just completed the roll out from NT4 & W2K to a Server 2003 whole school network. All has gone pretty much to plan...however there appears to be a bit of a large hole in my security stratedgy called USB.
I was absolutely amazed to find that there is nothing in the GPO settings that allows me to control access to USB ports other then locking them down locally via the BIOS.
The problem is that I need to be able to provide teachers with access for their USB keys whilst at the same time on the same machines prevent students uploading pics, mpegs, mp3 into their home folders from their phones / ipods/ memory sticks etc in other words USB mass storage devices.
I am aware that there are third party solutions that can prevent access but before having to go down that road I need to know I have tested all routes.
I have searched the net to no avail, I did actually find a GPO someone had made up which unfortunately didn't work. I even changed the permissions locally on the USB mass storage .INI and DLL files to staff and admin access only, that didn't work either.
Got to say I am soooooo disapointed that MS could overlook such an issue, almost can't believe it hence me asking you peeps because I must be missing some thing?
I've just completed the roll out from NT4 & W2K to a Server 2003 whole school network. All has gone pretty much to plan...however there appears to be a bit of a large hole in my security stratedgy called USB.
I was absolutely amazed to find that there is nothing in the GPO settings that allows me to control access to USB ports other then locking them down locally via the BIOS.
The problem is that I need to be able to provide teachers with access for their USB keys whilst at the same time on the same machines prevent students uploading pics, mpegs, mp3 into their home folders from their phones / ipods/ memory sticks etc in other words USB mass storage devices.
I am aware that there are third party solutions that can prevent access but before having to go down that road I need to know I have tested all routes.
I have searched the net to no avail, I did actually find a GPO someone had made up which unfortunately didn't work. I even changed the permissions locally on the USB mass storage .INI and DLL files to staff and admin access only, that didn't work either.
Got to say I am soooooo disapointed that MS could overlook such an issue, almost can't believe it hence me asking you peeps because I must be missing some thing?
