How to disable USB flash drives, disable USB storage devices, and prohibit USB flash drives from copying computer files
USB flash drives and mobile hard disks are currently widely used USB storage tools, which greatly facilitates work. But at the same time, employees can easily copy computer files through USB flash drives, mobile hard drives, and other security mechanisms, which brings great challenges to organization information security and business confidential protection. The use of USB storage devices is prohibited for units with strict confidentiality protection. However, due to the popularity of USB mouse and keyboard, USB shield, USB printers, and other devices, so that the USB port cannot be completely disabled. Therefore, we should treat it differently when controlling the use of USB devices as follows:
Method 1: Disable USB flash drives and USB storage devices by means of group policies to prevent computer files from being copied through USB storage devices.
First download the usb. adm file in the attachment
The procedure is as follows:
1. Create a GPO Group Policy in the OU in the DC.
2. Add it to group policy-Computer Configuration-management template,
3. In "View"-"filter", remove the check box before "display only policy settings that can be fully managed ".
4. Right-click a template and choose "add or delete template"> "add usb. adm template file -- click Close Window to display custom policy settings to enter, you can see that the device, right-click the device you want to set, such as disable usb. In the displayed Properties dialog box, click enabled in disable usb ports, and restart the computer. Then, you will find that the usb interface is unavailable, disable or select disabled if you want to recover. Other devices also perform the same operation.
In order to facilitate reading, we have updated one piece.
The correct method is to select "Disabled" or "Enabled" in the drive to be set"
Example 1: Disable a soft drive;
"Disabled Floppy"-> select disabled Floppy Drive as "Enabled ".
Example 2: Enable the soft drive
"Disabled Floppy"-> select disabled Floppy Drive as "Disabled"
So far, we have disabled the use of USB storage devices through the Group Policy. However, it is implemented through relevant operating system settings. Therefore, some technical staff can easily re-enable the USB flash drive by modifying the USB flash drive in reverse mode, which makes it difficult to disable the USB flash drive through group policies, it is easy for some technical staff to bypass and re-enable it. In this case, we can consider using the second method.
Method 2: Disable USB storage devices by using special USB port disabling software and USB flash drive shielding software.
At present, there is a dedicated software in China to disable USB storage devices, without affecting the use of non-USB storage devices. For example, there is a "portable to USB control system" (: http://www.grabsun.com/monitorusb.html), just after the computer installation, You can automatically, in real time to disable the use of USB storage devices, this does not affect the use of non-USB storage devices. At the same time, you can only use a specific USB storage device, so that the company's licensed USB flash drive can be used; you can only copy files from the USB flash drive to the computer and prohibit copying files from the computer to the USB flash drive, or you must enter a password to copy the file, so as to further precisely control the use of USB storage devices. As shown in:
Figure: Disable USB storage devices such as USB flash drives and mobile hard drives
At the same time, you can use "Disable to disable USB interface software" to prohibit computers from sending email attachments, uploading computer files from online storage, uploading Forum attachments, and sending QQ files, fully protects the security of computer files and prevents leaks through the network.
In addition, disabling software through the USB interface can also disable the computer from opening the registry, disable the Device Manager, prohibit the modification of boot items, prohibit the Computer Management, prohibit the USB flash drive from starting the computer, prohibit the computer from starting the computer from the CD, Disable boot press F8 to enter the operating system security mode, this prevents some technical staff from attempting to modify computer configurations and re-enable the USB flash drive, fully and completely protecting the computer file security and operating system security.
In short, whether it is to prohibit the use of USB flash drives through the operating system group policy, or to prohibit the use of USB flash drives, shielding USB storage devices, can play a certain role, however, it is easier to prohibit the use of USB ports through software. At the same time, it can prevent leakage of confidential computer files through the network and restrict the key locations of the operating system, it also protects the computer's own security, thus achieving more rigorous protection of computer file security.