Scribd Logo
Upload

Welcome to Scribd!

  • HOWTO - Use Group Policy To Disable USB, CD-ROM, Floppy Disk and LS-120 Drivers

    Uploaded by

    Anderson Guzmán
    57 views2 pages
    HOWTO_ Use Group Policy to Disable USB, CD-ROM, Floppy Disk and LS-120 Drivers

    Original Title

    HOWTO_ Use Group Policy to Disable USB, CD-ROM, Floppy Disk and LS-120 Drivers

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    HOWTO_ Use Group Policy to Disable USB, CD-ROM, Floppy Disk and LS-120 Drivers

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    57 views2 pages

    HOWTO - Use Group Policy To Disable USB, CD-ROM, Floppy Disk and LS-120 Drivers

    Uploaded by

    Anderson Guzmán
    HOWTO_ Use Group Policy to Disable USB, CD-ROM, Floppy Disk and LS-120 Drivers

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    17/6/2015

    HOWTO:UseGroupPolicytodisableUSB,CDROM,FloppyDiskandLS120drivers

    Support
    By product

    Downloads

    Store

    Contact us

    HOWTO: Use Group Policy to disable USB, CDROM, Floppy Disk and LS-120 drivers
    Support for Windows Server 2003 will end on July 14,
    2015

    Support for Windows Server 2003 will end on July 14, 2015

    Microsoft will end support for Windows Server 2003 on July 14, 2015. This change will affect your software updates and security options.
    Learn what this means for you and how to stay protected.

    Article ID: 555324 View products that this article applies to.

    Author:Simon Geary MVP

    System Tip
    This article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you.
    Visit the Windows 7 Solution Center

    SYMPTOMS
    By default, Group Policy does not offer a facility to easily disable drives containing removable media, such as USB ports, CDROM drives, Floppy Disk drives and high
    capacity LS120 floppy drives. However, Group Policy can be extended to use customised settings by applying an ADM template. The ADM template in this article allows
    an Administrator to disable the respective drivers of these devices, ensuring that they cannot be used.

    RESOLUTION
    Import this administrative template into Group Policy as a .adm file. See the link in the More Information section if you are unsure how to do this.

    CLASS MACHINE
    CATEGORY !!category
    CATEGORY !!categoryname
    POLICY !!policynameusb
    KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
    EXPLAIN !!explaintextusb
    PART !!labeltextusb DROPDOWNLIST REQUIRED

    VALUENAME "Start"
    ITEMLIST
    NAME !!Disabled VALUE NUMERIC 3 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
    END ITEMLIST
    END PART
    END POLICY
    POLICY !!policynamecd
    KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
    EXPLAIN !!explaintextcd
    PART !!labeltextcd DROPDOWNLIST REQUIRED

    VALUENAME "Start"
    ITEMLIST
    NAME !!Disabled VALUE NUMERIC 1 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
    END ITEMLIST
    END PART
    END POLICY
    POLICY !!policynameflpy
    KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
    EXPLAIN !!explaintextflpy
    PART !!labeltextflpy DROPDOWNLIST REQUIRED

    VALUENAME "Start"
    ITEMLIST
    NAME !!Disabled VALUE NUMERIC 3 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
    END ITEMLIST
    END PART
    END POLICY
    POLICY !!policynamels120
    KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
    EXPLAIN !!explaintextls120
    PART !!labeltextls120 DROPDOWNLIST REQUIRED

    https://support.microsoft.com/enus/kb/555324

    1/2

    17/6/2015

    HOWTO:UseGroupPolicytodisableUSB,CDROM,FloppyDiskandLS120drivers
    VALUENAME "Start"
    ITEMLIST
    NAME !!Disabled VALUE NUMERIC 3 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
    END ITEMLIST
    END PART
    END POLICY
    END CATEGORY
    END CATEGORY

    [strings]
    category="Custom Policy Settings"
    categoryname="Restrict Drives"
    policynameusb="Disable USB"
    policynamecd="Disable CDROM"
    policynameflpy="Disable Floppy"
    policynamels120="Disable High Capacity Floppy"
    explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver"
    explaintextcd="Disables the computers CDROM Drive by disabling the cdrom.sys driver"
    explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver"
    explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver"
    labeltextusb="Disable USB Ports"
    labeltextcd="Disable CDROM Drive"
    labeltextflpy="Disable Floppy Drive"
    labeltextls120="Disable High Capacity Floppy Drive"
    Enabled="Enabled"
    Disabled="Disabled"

    MORE INFORMATION
    For more information about applying Administrative Template files, including instructions on how to use the above template, download the Microsoft White Paper 'Using
    Administrative Template Files with RegistryBased Group Policy' from here.

    http://www.microsoft.com/downloads/details.aspx?FamilyID=e7d72fa162fe435883608774ea8db847&displaylang=en

    This template is considered a preference rather than a true policy and will tattoo the registry of client computers with its settings. If this template is moved out of scope of
    the Group Policy which applies it, the registry changes it makes will remain. If you wish to reverse the settings made by this template, simply reverse the options to re
    enable the drivers.

    Preference settings are hidden by default in the Group Policy template editor. When applying this template, follow these instructions to change the view settings that
    allow preferences to be viewed.

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e50f1e64d7e54b6d87ffadb3cf874365.mspx

    Properties
    Article ID: 555324 Last Review: June 8, 2005 Revision: 1.0
    APPLIES TO
    Microsoft Windows Server 2003, Standard Edition
    Microsoft Windows Server 2003, Enterprise Edition
    Microsoft Windows Server 2003, Datacenter Edition
    Microsoft Windows Server 2003, Enterprise Edition for Itaniumbased Systems

    Keywords: kbpubmvp kbpubtypecca kbhowto KB555324


    COMMUNITY SOLUTIONS CONTENT DISCLAIMER
    MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS
    CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY
    DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NONINFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE
    FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA
    OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON
    CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

    Give Feedback

    https://support.microsoft.com/enus/kb/555324

    2/2

    You might also like