Locking Down USB Drives with Windows Server 2012 R2 and Windows 7 / 8.1




Author: David Gullett
Published: November 1, 2014
Version: 1.00
Copyright 2014, Symmetrix Technologies
http://www.symmetrixtech.com

Table of Contents

A. Introduction
   1. Equipment Assumptions
   2. Knowledge Assumptions
   3. End Result
B. Procedure
   1. Operating Systems
      a. Windows Server 2008 R2
      b. Windows Vista and Windows 7
   2. Windows 2008 Group Policies
      Modifying the Server 2008 Group Policies
   3. Results After the Group Policy
C. Other Considerations

A. Introduction

It's certainly no surprise with the proliferation of portable devices such as USB flash drives, USB hard drives, mobile phones and even cameras that extra care must now be taken to prevent data theft. With the prevalence of point of sale (POS) attacks it is more important than ever to prevent random devices from being plugged into your equipment and causing massive financial casualties. All it takes is a small USB key for you to have significant data loss and liabilities. Much of the risk of the recent high-profile point of sale (POS) attacks could have been reduced with a simple step such as this.

1. Equipment Assumptions

A Windows 2012 R2 domain with group policies enabled.

Client workstations running Windows Vista, Windows 7 or Windows 8.1. This will not work with Windows XP.

2. Knowledge Assumptions

Basic Windows server management skills, including group policies. This document outlines exact steps to prevent USB drives from being connected to workstations, but you need to have a full understanding of group policies and your forest/domain structure, as there can easily be adverse effects in complex environments. You've been warned!

3. End Result

The purpose of this document is to provide a method of preventing users in a Windows Server 2012 R2 and Windows Vista/7/8.1 corporate environment from plugging a removable USB device into a workstation and copying data to it or installing virus/trojan software.

Even while testing the procedures in this document, the results weren't always consistent, so it's really important that you test the method in your environment. At the very least it will give you a good starting place. As always, feedback is highly appreciated and we would like to update this document with your experiences.

B. Procedure

1. Operating Systems

We tested with the operating systems outlined below. If you're reading this you will likely be able to install these on your own.

Windows Server 2012 R2 - This document was tested with Windows Server 2012 R2 installed as a domain controller. Earlier versions may work similarly but because of time considerations we just used the newest release.

Windows Vista, Windows 7 and Windows 8.1 - We used only Windows Vista, Windows 7 and Windows 8.1 on the client machines for testing for reasons that you'll see in the screenshots below.

2. Windows 2012 R2 Group Policies

The first step is to modify the domain's group policies. Log on to a domain controller with a domain administrator equivalent account. Click on the Windows icon in the lower left corner and then Server Manager. Once Server Manager is open, click on Tools on the upper right hand side and then Group Policy Management.

Drill down through the Group Policy Management pane until you reach the Default Domain Policy. Right-click on it and select Edit. Drill down through the policy settings on the left to Computer Configuration/Policies/Administrative Templates/System/Device Installation/Device Installation Restrictions. In the right pane, double-click on the Prevent Installation of Removable Devices line.

In the next box, click the Enabled radio button and click OK. As you can see in the image below, this modification will only work with Windows Vista or newer. If you're still running legacy XP PCs there are third party utilities that will enable you to do this.

3. Results

a. Windows 7

Once the policy takes effect you will get a "Device installation was prevented by policy" error in Windows 7 when a USB drive is inserted into the target machine (shown below).

When you click on the balloon error you get a standard dialog box also reading "Device installation was prevented by policy" in the center of the screen.

b. Windows 8.1

Windows 8.1 behaves slightly differently. The drivers will silently fail to install, but if you go to Device Manager you can see the non-installed device:

If you right-click on Mass Storage in Device Manager and select Update Driver Software, it will locate the driver and refuse to install the software, so the USB is blocked:

C. Other Considerations

As with any document relating to security, don't take this guide as absolute gospel. You need to perform thorough testing in your environment.

We also highly recommend reviewing Microsoft's documentation regarding group policies. Pay particular attention to controlling the policy scope through linking to organizational units.

Another excellent tool provided by Microsoft is the Group Policy Results Wizard (this used to be called the Resultant Set of Policy, or RSoP tool in earlier versions of Windows). It generates reports that show you exactly how policies are applied to specific users or computers. This is located in the Group Policy Management tool.

-------

Comments, feedback and contributions are welcome and encouraged at articles@symmetrixtech.com.

Visit us on the web at http://www.symmetrixtech.com for the latest news on Snort Report and to download the newest version.

Revision History:
2014-11-01 1.0 - Initial release
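
The setting from section B.2, scripted in PowerShell as an added example that is not part of the original guide: it places the policy in a dedicated GPO linked to a single OU (the scoping approach section C recommends) and then checks the result on a client. The GPO name and OU path are hypothetical placeholders; DenyRemovableDevices is the registry value behind the "Prevent installation of removable devices" setting.

```powershell
# Added example, not from the original guide. Names marked "hypothetical" are placeholders.
# Set-RemovableDeviceBlock needs the GroupPolicy module (domain controller or RSAT).

$RegKey   = 'SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$RegValue = 'DenyRemovableDevices'   # value behind "Prevent installation of removable devices"

function Set-RemovableDeviceBlock {
    # Run as a domain administrator. Creates a dedicated GPO and links it to one OU,
    # so the setting can be tested before it reaches the whole domain.
    param(
        [string]$GpoName = 'Block Removable Device Installation',   # hypothetical
        [Parameter(Mandatory = $true)][string]$TargetOu             # e.g. 'OU=Test PCs,DC=example,DC=local'
    )
    Import-Module GroupPolicy
    if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
        New-GPO -Name $GpoName -Comment 'Blocks installation of removable devices' | Out-Null
    }
    Set-GPRegistryValue -Name $GpoName -Key "HKLM\$RegKey" -ValueName $RegValue `
        -Type DWord -Value 1 | Out-Null
    # Link the GPO only if the OU does not already carry it.
    $links = (Get-GPInheritance -Target $TargetOu).GpoLinks
    if (-not ($links | Where-Object { $_.DisplayName -eq $GpoName })) {
        New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
    }
    Get-GPO -Name $GpoName
}

function Test-RemovableDeviceBlock {
    # Run on a client after the policy has refreshed (gpupdate /force). Uses only
    # PowerShell 2.0 features so it also works on a stock Windows 7 machine.
    $prop    = Get-ItemProperty -Path "HKLM:\$RegKey" -Name $RegValue -ErrorAction SilentlyContinue
    $enabled = ($null -ne $prop) -and ($prop.$RegValue -eq 1)
    # Present devices with a non-zero Device Manager error code. On Windows 8.1 the
    # failure is silent, so this is where a non-installed drive becomes visible.
    $failed = @(Get-WmiObject Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
        Select-Object Name, DeviceID, ConfigManagerErrorCode)
    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        PolicyEnabled = $enabled
        FailedDevices = $failed
    }
}

# Domain controller:  Set-RemovableDeviceBlock -TargetOu 'OU=Test PCs,DC=example,DC=local'
# Client:             Test-RemovableDeviceBlock | Format-List
```

If PolicyEnabled is False on a client inside the target OU, running gpresult /r /scope computer on that client shows which GPOs were applied and which were filtered out.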