Quote:
Originally Posted by streaker69
GPO works well, I realize that, problem is, it can also work against the local admin at the same time. This is a quick and simple way to secure the USB ports and still make them available to the local admin quickly.
|
I have the admin's in a separate OU and a different GPO so it doesn't affect us. And I do agree that it affects the local admin but I don't have my network setup where it would affect them. I just don't want the USB ports enabled at all.
On a side note, I was talking with some security admin's at another company and they were talking about how secure their network is now that they disabled USB card access. I reminded them that they have users with Phones that have MicroSD cards in them and asked what security they had against that. They didn't know about the Mass Storage Device or that some users can enable Bluetooth and copy files to the MicroSD cards. They did an audit of the company and the cell phones and found one user that was doing just what I said and had a lot of company information on their MicroSD card, The user was taking the card out and putting it in the SD card reader and putting that in the built in reader on the laptop and moving files over. The user also had put in notice that he was leaving the company. They found out from the files what company he was going to and let the lawyers have all the info.