Locking down USB ports

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Can anyone recommend a product that will stop people using USB storage devices, but can be turned on and off where needed?

I have a client that needs the computers in the office to not allow USB storage devices, but will work with keyboard, mouse etc..

Now I dont want it applying to every computer as some users (director) need this access

They are running SBS 2003 R2 and XP Clients

Thanks

Andy

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

DeviceWall is probably the market leader - but its not cheap (depending on how many users you have - it gets cheaper per seat the more seats you have)

If you're a Vista shop, you could look at using the granular GPOs that allow you to lock devices down to the nth degree (even allowing only specific revisions of specifc models of devices from specific manufacturers)

 

Assuming they are part of a domain ? Group Policy would seem your best bet.

 

as your in a sbs environment what about
Just a quick twist of the wrist and usb is a worry no more, a slight unfortunate side effect is that you wont be able to turn them on again!

 

GPO or superglue in the ports ;)

 

At the hardware level you could disable the ports in the BIOS and then password that

Also found a refernce for you to this article but it's in German (supposed to be very good tho' )

http://www.gruppenrichtlinien.de/index.html?/HowTo/usb_sticks_deaktivieren.htm

 

Nice idea - if it weren't for the fact that most keyboards & mice nowadays are USB only - and plenty of desktops now ship without PS/2 ports at all...

 

Well I was speaking from my business point of view - right up to last year we always shipped ASUS units with ps2 ports and never supplied usb kb/mice

 

Looked at the German site. Looks OK. Some adm files to activate the USB ports and some links to other solutions. One even to give only access to specific drive (by means of a special .cfg file).

 

I once brought this concern up with my last IT manager regarding the possibility of employees using USB wireless adapters or USB keys to copy medical record data. His solution: "Well... I think I'd just have to kill them."

Well... at least that would solve the problem!

 

LOL - I LIKE that solution!

Think about it - it can be adapted to fit so many different scenarios.

Problem: "Look - I know you told me that the Exchange server was slowing down and I need to reduce the size of my mailbox by archiving to .pst, but I've done this and I really can't get my mailbox below 6Gb"
Solution: "Well... I think I'll just have to kill you."

Problem: "I know you said we were running a secure network, but the guys in development wanted to use their laptops when they were in the toilet, so I put a little Netgear wireless router in. What's that? Encryption? - WEP schmep. No-one wants to use encryption - it slows performance down"
Solution: "Well... I think I'll just have to kill you."

Problem: "The lead on the kettle in the kitchen has broken, so I thought I'd come to you to ask you to fix it, since you work in IT."
Solution: "Well... I think I'll just have to kill you."

Ya see? It works for every situation. Cheers Mike - that's my new 'go to' phrase

 

It works!

That's it - I'm getting T-shirts printed.

 

Ooh! Ooh! I want two!!!

I just called my former IT manager... had a good laugh that he's now been immortalized.

 

"I can't log in... AGAIN. I know you guys are changing my password." [side note: yes, this WAS said to me!]
"We have better things to do than change your password. But to solve the problem... I guess I'll just have to kill you."

 

LOL I think Zeb is right that will solve all kinds of problems! And just to imagine the reactions.

 

My company uses a product from Centennial called DeviceWall.

http://www.devicewall.com/

It's class!

 

Thanks for all of the replies, seems devicewall it just the ticket, just got to get them to buy it now..

Andy

 

(ahem) just before I pulled this thread completely off-track, you will note that I suggested DeviceWall (post #2)

Its easy to install, easy to configure and (reasonably) easy to manage. I implemented it at the last place i worked because of concerns over podslurping - you wouldn't believe the amount of unauthorised devices it picked up on its first sweep...

 

...which gives you plenty of targets to have to go kill.