Skip to main content

Blocking USB is big thing ???

Hello Fellas, 

Do you really think blocking USB is big thing?

If yes let me remind you in Windows World everything is registry and if something is blocked than it has same registry to unlock it. 

You can block USB mass storage with Symantec End Point Protection also and it’s even more simple than Group policy few next and you are good.


Symantec Endpoint Protection you can block access for users to use USB Pen drives and allow usage of Keyboard and mouse. 
1. In the SEPM, Under View Policies, select Application and Device Control
2. Right click the Application and Device Control Policy and select Edit.
3. Select the Device Control view.
4. Under the Blocked Devices section, click Add, select USB and click OK. (If Disk Drives isn't listed, it is already added as a Blocked Device).
5. Under Devices Excluded from Blocking, click Add.
6. Select Human Interface Devices and the devices to restrict one of its functions. click OK.
7. Click OK to the Application and Device Control policy window and assign this policy to the client group.
Here are the reference articles: 
How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy
How to use Application and Device Control to block all USB devices except those I specifically want to allow

  
How disable in Windows.

Give Deny permissions to following Files
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf

Or

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbstor.
Change value to 4

Use GPO to target it to all computers.



Comments

Post a Comment

Popular posts from this blog

"kerberos: the specified credentials were rejected by the server", "unreachable": true" Ansible

Hello Friends, I was getting following Error while deploying my Ansible script, Basically my credential were getting rejected by server. SSH password: PLAY [Playbook_Name] ***************************************************************02:00:30 TASK [Gathering Facts] *********************************************************02:00:30 fatal: [Server_Inventory_Name]: UNREACHABLE! => {"changed": false, "msg": "kerberos: the specified credentials were rejected by the server", "unreachable": true} PLAY RECAP *********************************************************************02:00:30 Server_Inventory_Name    : ok=0    changed=0    unreachable=1   failed=0  It was resolved using one additional parameter in Inventory  i.e  "ansible_winrm_server_cert_vaildation:ignore"
1 comment
Read more

NBSUTIL commands

Frustrated with syntax finding hence decided to post all NBSTLUTIL related commands so people will not face same problem. Common SLP Related Commands Show EMM Image list of Images that were backed up to an SLP STU [ -I / -U ] nbstlutil list nbstlutil list –lifecycle <name> nbstlutil list –backupid <id_value> nbstlutil list -image_state <value> nbstlutil list -copy_state <value> nbstlutil list -frag_state <value> nbstlutil list –mediaid <media_id>_–state 3 Activate /Inactivate SLP operations nbstlutil inactive –lifecycle <lifecycle name> nbstlutil inactive –backupid <backupid> nbstlutil active –lifecycle <lifecycle name> nbstlutil active –backupid <backupid> Cancel pending operations on selected image nbstlutil cancel -backupid <backupid> nbstlutil cancel -lifecycle <lifecycle> Show status on Incomplete copies of Lifecycle Managed images nbstlutil stlilist –lifecycle <lifecycle name> nbstlutil stlil...
Post a Comment
Read more

Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions

Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click  Start , point to  Administrative Tools , point to  Remote Desktop Services , and then click  Remote Desktop Session Host Configuration . Under  Connections , right-click the name of the connection, and then click  Properties . In the  Properties  dialog box for the connection, on the  Sessions  tab, select the following options as necessary: Select the  Override user settings  check box, and then set timeout settings for  End a disconnected session ,  Active session limit , and  Idle session limit . Select the  Override user settings  check box, and then select one of the following reconnection settings:  Disconnect from session  or  End session . Cli...
Post a Comment
Read more