Quote:
Originally Posted by Thorn
I was thinking about this today, while at a client's in stalling a new Dell Vostro. Much of what used to have other ports has now gone to USB, specifically the keyboard, mouse, printer. The things that aren't USB are now just the display, speaker, and network. Creating a GPO turning off USB would render these PCs useless, or at least damned difficult to work. Now I'm wondering if there's some way to set a policy so that that disk device won't be allowed, but other devices would still be usable.
|
I particpated in a demonstration with Micro$oft where only a specific brand of USB devices were able to be connected to a laptop, desktop and Dell rack mounted server using GPO on Windows Servers 2007 and Vista Enterprise. You can specify the brand of a USB device and only that brand can connect.
Another option that i am currently investigating is mandatory encryption for all removable media. If it is not encrypted using the program on the desktop/server then a USB device or CD/DVD, can only be read from but not written to.
So I would say the answer to your question is yes, it can be restricted.