The ad domain controller prohibits USB devices through Group Policy

Source: Internet
Author: User

Question: How do I disable a USB port device in a domain environment?

The first: In the traditional way, disable USB in the BIOS.

The second type:

Microsoft Technical Support Answer: According to your needs, Windows recognized USB device mainly through two files, one is USBSTOR.PNF, the other is Usbstor.inf, when the computer first use USB device before disabling these two files can reach our goal.
1. Open Active Directory Users and Computers;
2, select the OU that need to disable the USB device, and click the right mouse button to Group Policy;
3. Create a GPO for USB and click Edit to open the Group Policy Editor;
4. Enter the Group Policy Editor and expand Computer Configuration, Windows settings, security settings, and file system.
5, right click "Add Files", pop "Add Files and Folders", enter "%systemroot%\inf\usbstor.inf" in the "Folder" field, OK; You see articles from Active Directory SEO/http/ Gnaw0725.blog.51cto.com/156601/d-1
6, in "Database Security settings", delete all users, and add "Everyone", remove the default Allow "Read and execute", "List Folder Contents", "read", add deny "Full Control";
7, the "Add Objects" window, the default current settings, to re-edit security permissions, you can click on "Edit Security Settings" to re-set, confirm, exit settings;
8, in addition, repeat 5, 6, 7 steps, to "%systemroot%\inf\usbstor." PNF "to set up;
9. Close the Group Policy Editor;
10, use "Gpupdate/force", forcibly refresh the policy.

The above method can only be used for computers that have not been using USB to take effect, if some computers in the enterprise have used a USB flash drive and other devices, it will also need to modify the registry to achieve the purpose. Registry key values that need to be modified are located at:
Hkey_local_machine\system\currentcontrolset\services\usbstor
Under Windows 2000, the key value is Hkey_local_machine\system\currentcontrolset\services\usbhub,
Open the registry location above, we can see the key value of start, we need to modify the key value to 4, by default 3 (3 means manual, 2 is automatic, 4 means deactivate), to use Group Policy to deploy, you need to use a script to run it.

In addition, the following Microsoft documentation provides information about:
823732: How to disable the USB storage device
Http://support.microsoft.com/kb/823732/zh-cn


Zhao (Ken Zhao) Microsoft Global Technical Support Center

The ad domain controller prohibits USB devices through Group Policy

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.