Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 02-11-2005, 07:49 AM   #1 (permalink)
Addict
 
Location: Grey Britain
sbs 2003 Devices and security

Our company has just invested in a couple of 256MB USB memory sticks, one for the boss and one for "general office use" (!).

I urgently need to set up group policy so that absolutely nobody can use any kind of USB devices without authorisation. It would also be good if we could do the same for all removable storage media at the same time.

I'm still getting to grips with sbs 2003 and have rummaged through the Group Policy Object Editor with no success.

Does anybody out there already know how to do this?
__________________
"No one was behaving from very Buddhist motives. Then, thought Pigsy, he was hardly a Buddha, nor was he a monkey. Presently, he was a pig spirit changed into a little girl pretending to be a little boy to be offered to a water monster. It was all very simple to a pig spirit."
John Henry is offline  
Old 02-11-2005, 08:05 AM   #2 (permalink)
Professional Loafer
 
bendsley's Avatar
 
Location: texas
Are you running Active Directory in a domain? If so, you should move your people there into different OUs and then set GPOs from there.

I would suggest that you open your MMC, and add the snap-in Group Policy Management (from microsoft.com) and go from there. It will show your Forest(s), then Domain(s)/Site(s), Group Policy Modeling and Group Policy Results.

Are you following me here or do I need to explain further.

Please note that my network is running AD on a couple of domain controllers using Windows 2003 SE, not SBS.
__________________
"You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane."
bendsley is offline  
Old 02-11-2005, 05:52 PM   #3 (permalink)
Insane
 
Jolt's Avatar
 
Location: Over here
I don't know how to do this, but I can fill in some info on SBS so maybe someone else can.

A machine running SBS *must* be a PDC. This is written in stone. There is no way to de-promote SBS or join it to an existing domain.

Here's my hack-kluge-workaround: If you don't have too many clients, go around and disable their USB controllers in CMOS, then set passwords on the CMOS setup program.

Time to go off on a tangent:
I presume you are concerned about some employee bringing in their own flash drive and carting off sensitive documents. If you're that paranoid about such matters, SBS might not have been the best choice...whereas with 2003 Standard, you can enable Terminal Services...and dumb down all your desktops...all sensitive material remains only on the server.
ok, tangent over, back to your thread.
Jolt is offline  
 

Tags
2003, devices, sbs, security


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 08:09 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47