1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Locking down USB ports

Discussion in 'Software' started by madman045, Sep 25, 2008.

  1. madman045

    madman045 Kilobyte Poster Premium Member

    271
    3
    49
    Can anyone recommend a product that will stop people using USB storage devices, but can be turned on and off where needed?

    I have a client that needs the computers in the office to not allow USB storage devices, but will work with keyboard, mouse etc..

    Now I dont want it applying to every computer as some users (director) need this access

    They are running SBS 2003 R2 and XP Clients

    Thanks

    Andy
     
    Certifications: 70-270, 70-290, PRINCE2 Foundation, VCA-DCV & VCA-DT
    WIP: MCSA 2008, VCP5-DCV, ITIL V3
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    DeviceWall is probably the market leader - but its not cheap (depending on how many users you have - it gets cheaper per seat the more seats you have)

    If you're a Vista shop, you could look at using the granular GPOs that allow you to lock devices down to the nth degree (even allowing only specific revisions of specifc models of devices from specific manufacturers)
     
    Certifications: A few
    WIP: None - f*** 'em
  3. Bambino1506

    Bambino1506 Megabyte Poster

    594
    8
    64
    Assuming they are part of a domain ? Group Policy would seem your best bet.
     
    Certifications: MCP,MCDST,MCSA
    WIP: CCA
  4. dales

    dales Gigabyte Poster

    1,998
    46
    97
    as your in a sbs environment what about [​IMG]
    Just a quick twist of the wrist and usb is a worry no more, a slight unfortunate side effect is that you wont be able to turn them on again!
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  5. Taita

    Taita Nibble Poster

    78
    0
    18
    GPO or superglue in the ports ;)
     
    Certifications: A+ N+ MCP
    WIP: MCSE
  6. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  7. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Nice idea - if it weren't for the fact that most keyboards & mice nowadays are USB only - and plenty of desktops now ship without PS/2 ports at all...
     
    Certifications: A few
    WIP: None - f*** 'em
  8. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Well I was speaking from my business point of view - right up to last year we always shipped ASUS units with ps2 ports and never supplied usb kb/mice
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  9. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Looked at the German site. Looks OK. Some adm files to activate the USB ports and some links to other solutions. One even to give only access to specific drive (by means of a special .cfg file).
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  10. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    I once brought this concern up with my last IT manager regarding the possibility of employees using USB wireless adapters or USB keys to copy medical record data. His solution: "Well... I think I'd just have to kill them."

    Well... at least that would solve the problem! :thumbleft :twisted:
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    LOL - I LIKE that solution!

    Think about it - it can be adapted to fit so many different scenarios.

    Problem: "Look - I know you told me that the Exchange server was slowing down and I need to reduce the size of my mailbox by archiving to .pst, but I've done this and I really can't get my mailbox below 6Gb"
    Solution: "Well... I think I'll just have to kill you."

    Problem: "I know you said we were running a secure network, but the guys in development wanted to use their laptops when they were in the toilet, so I put a little Netgear wireless router in. What's that? Encryption? - WEP schmep. No-one wants to use encryption - it slows performance down"
    Solution: "Well... I think I'll just have to kill you."

    Problem: "The lead on the kettle in the kitchen has broken, so I thought I'd come to you to ask you to fix it, since you work in IT."
    Solution: "Well... I think I'll just have to kill you."

    Ya see? It works for every situation. Cheers Mike - that's my new 'go to' phrase :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
  12. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    We could be onto something here...

    Problem: "I'm thinking about bringing in my Mac from home to use in the office, can you connect it to the network for me so I can get email and all that jazz?"
    Solution: "Well... I think I'll just have to kill you."

    8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  13. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    It works!

    That's it - I'm getting T-shirts printed.
     
    Certifications: A few
    WIP: None - f*** 'em
  14. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Ooh! Ooh! I want two!!!

    I just called my former IT manager... had a good laugh that he's now been immortalized. :biggrin
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  15. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    "I can't log in... AGAIN. I know you guys are changing my password." [side note: yes, this WAS said to me!]
    "We have better things to do than change your password. But to solve the problem... I guess I'll just have to kill you."
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  16. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    LOL I think Zeb is right that will solve all kinds of problems! And just to imagine the reactions.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  17. Alex Wright

    Alex Wright Megabyte Poster

    501
    9
    57
    My company uses a product from Centennial called DeviceWall.

    http://www.devicewall.com/

    It's class! :)
     
    Certifications: 70-680 Configuring Windows 7
    WIP: 70-642
  18. madman045

    madman045 Kilobyte Poster Premium Member

    271
    3
    49
    Thanks for all of the replies, seems devicewall it just the ticket, just got to get them to buy it now..

    Andy
     
    Certifications: 70-270, 70-290, PRINCE2 Foundation, VCA-DCV & VCA-DT
    WIP: MCSA 2008, VCP5-DCV, ITIL V3
  19. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    (ahem) just before I pulled this thread completely off-track, you will note that I suggested DeviceWall (post #2)

    Its easy to install, easy to configure and (reasonably) easy to manage. I implemented it at the last place i worked because of concerns over podslurping - you wouldn't believe the amount of unauthorised devices it picked up on its first sweep...
     
    Certifications: A few
    WIP: None - f*** 'em
  20. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    ...which gives you plenty of targets to have to go kill. :twisted:
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!

Share This Page

Loading...