USB keys

[Frank666]

Can anyone suggest how we can restrict what is loaded off of a usb key. We have students loading games and zips and exe files and need to stop them.

 

[schtek]

GPO restrict drives shown ??

"Ask not what your computer network can do for you - ask what you can do to the computer network to give you a quiet moment ."

 

[MJanssen01]

Maybe using Software restriction policies is an option. Have a look at these links:

http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html

http://www.virusbtn.com/files/johnlambert_vb2002.pdf

http://support.microsoft.com/default.aspx?scid=kb;en-us;324036

Hope this helps...
Regards,

 

[aftertaf]

you can't restrict usb keys as such, just totally block them like mentioned above with policy.

you can also limit with policy which exe files can be run, and make sure ntfs permissions are set to not let users do what they want with the system drive.

Aftertaf

"Solutions are not the answer." - Richard Nixon

 

[bazzert]

I have blocked all drives bar the shares on the srever that the students should have access to.

This means not only can they not access the CD, floppy and C: drives, if they insert a pendrive that is also not valid.

I have been able to do this easily as we run a piece of software called Ranger. One option is 'set drives that may not be accessed through Explorer, internet browsers and open/save file dialogs'. You have the option to have illegal drives and legal drives so basically I've got every letter of the alphabet as illegal bar the network shares they are allowed.

 

[Frank666]

This all sounds great, I have blocked them running .exe files by putting a GPO security restriction path statement as e: and so on, this stops them running exe files off of the key or CD, but does not stop them copying stuff to their H: drive and running from there. The path restriction on H: does not work for some reason, maybe becuase we re-direct to My Documents?