Skip to main content

Blocking USB is big thing ???

Hello Fellas, 

Do you really think blocking USB is big thing?

If yes let me remind you in Windows World everything is registry and if something is blocked than it has same registry to unlock it. 

You can block USB mass storage with Symantec End Point Protection also and it’s even more simple than Group policy few next and you are good.


Symantec Endpoint Protection you can block access for users to use USB Pen drives and allow usage of Keyboard and mouse. 
1. In the SEPM, Under View Policies, select Application and Device Control
2. Right click the Application and Device Control Policy and select Edit.
3. Select the Device Control view.
4. Under the Blocked Devices section, click Add, select USB and click OK. (If Disk Drives isn't listed, it is already added as a Blocked Device).
5. Under Devices Excluded from Blocking, click Add.
6. Select Human Interface Devices and the devices to restrict one of its functions. click OK.
7. Click OK to the Application and Device Control policy window and assign this policy to the client group.
Here are the reference articles: 
How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy
How to use Application and Device Control to block all USB devices except those I specifically want to allow

  
How disable in Windows.

Give Deny permissions to following Files
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf

Or

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbstor.
Change value to 4

Use GPO to target it to all computers.



Comments

Post a Comment

Popular posts from this blog

"kerberos: the specified credentials were rejected by the server", "unreachable": true" Ansible

Hello Friends, I was getting following Error while deploying my Ansible script, Basically my credential were getting rejected by server. SSH password: PLAY [Playbook_Name] ***************************************************************02:00:30 TASK [Gathering Facts] *********************************************************02:00:30 fatal: [Server_Inventory_Name]: UNREACHABLE! => {"changed": false, "msg": "kerberos: the specified credentials were rejected by the server", "unreachable": true} PLAY RECAP *********************************************************************02:00:30 Server_Inventory_Name    : ok=0    changed=0    unreachable=1   failed=0  It was resolved using one additional parameter in Inventory  i.e  "ansible_winrm_server_cert_vaildation:ignore"
1 comment
Read more

NBSUTIL commands

Frustrated with syntax finding hence decided to post all NBSTLUTIL related commands so people will not face same problem. Common SLP Related Commands Show EMM Image list of Images that were backed up to an SLP STU [ -I / -U ] nbstlutil list nbstlutil list –lifecycle <name> nbstlutil list –backupid <id_value> nbstlutil list -image_state <value> nbstlutil list -copy_state <value> nbstlutil list -frag_state <value> nbstlutil list –mediaid <media_id>_–state 3 Activate /Inactivate SLP operations nbstlutil inactive –lifecycle <lifecycle name> nbstlutil inactive –backupid <backupid> nbstlutil active –lifecycle <lifecycle name> nbstlutil active –backupid <backupid> Cancel pending operations on selected image nbstlutil cancel -backupid <backupid> nbstlutil cancel -lifecycle <lifecycle> Show status on Incomplete copies of Lifecycle Managed images nbstlutil stlilist –lifecycle <lifecycle name> nbstlutil stlil
Post a Comment
Read more

OSD or Onscreen menu is locked.

OSD or Onscreen menu is locked. I am having HP 20 Inch monitors on my Desk and was not able to change brightness and Sleep Timer etc for my monitor and was not able to get into the menu due to On Screen menu locked error. I know it's irritating issue. fix what i found for this is "Just hold menu button for 30 Sec and it will be solved. :)
Post a Comment
Read more