Blocking USB/DVD/iPhone Access via GPO

Had a client requesting we block USB/DVD access including smart phones. Base OS is SBS 2011 (essentially Server 2008 R2), unlike Server 2003 where we had to download the ADM template, 2008 r2 has these features native. To block access; 

  1. Create a new security group in AD
  2. Create new GPO
  3. Navigate to User configuration -> Policies -> Admin Templates -> System -> Removable Storage Access
  4. Select CD and DVD: Deny write access
  5. Select Remove Disks: Deny read and write access
  6. WPD Devices: Deny write access (iPhone’s etc; are classified as WPD)
  7. Link the GPO to the correct OU
  8. Apply Security Filtering to the Security group created in step 1
  9. Add the relevant members to the group and run a gpupdate /force 
Tagged , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: