Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

USB3 Thumb Drive question

Status
Not open for further replies.

spaulding

Technical User
Jan 10, 2001
123
US
This may be a dumb question, but here goes.
With the proliferation of USB thumb drives that allow you to have an operating system on them, what's to stop somebody from sticking one in a networked computer and using his operating system to bypass security policies on the domain. For instance, we block access to the run command. What's to stop them from putting XP on the flash drive and running it from there?
 
There is a way to boot a small XP operating system from a flash drive, so the the solution to that is to disable booting from flash drives. If applicable, this would be a bios setting for each machine.
 
Yeah, you can stop booting from the BIOS, and prevent USB pens from running using registry keys / GPO's.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
I probably didn't state my question very well. Perfection would be a person could use his USB drive to store and access his data, but could not use it to run programs. Is that possible?
 
The solution that smah and Stevehewitt offer is actually going to work for you. The BIOS setting will not allow boot from the USB, yet still allow the functionality to work if it's still plugged in (still be able to store and access his data)....This will of course rely on the BIOS version, and type of computer. As far as I know, most, if not all, BIOS allow this type of setting.

As far as running programs, I think Steve's idea should work with this one. I think you can limit what get's accessed with a GPO from a USB drive.
 
I appreciate the help. Could somebody give me a vector to where to look in order to set up the GPO? Thanks
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top