you can't restrict usb keys as such, just totally block them like mentioned above with policy.
you can also limit with policy which exe files can be run, and make sure ntfs permissions are set to not let users do what they want with the system drive.
I have blocked all drives bar the shares on the srever that the students should have access to.
This means not only can they not access the CD, floppy and C: drives, if they insert a pendrive that is also not valid.
I have been able to do this easily as we run a piece of software called Ranger. One option is 'set drives that may not be accessed through Explorer, internet browsers and open/save file dialogs'. You have the option to have illegal drives and legal drives so basically I've got every letter of the alphabet as illegal bar the network shares they are allowed.
This all sounds great, I have blocked them running .exe files by putting a GPO security restriction path statement as e: and so on, this stops them running exe files off of the key or CD, but does not stop them copying stuff to their H: drive and running from there. The path restriction on H: does not work for some reason, maybe becuase we re-direct to My Documents?
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.