we Can block USB removable devices on all our workstations but when someone plugs in a iphone, sony,Samsung or any android smart phones into the system, it acts as a removable storage device do to the fact it it is using MTP not usb mass storage device protocol which now becomes a security threat to our organization
Do the steps below :
Wrok group:
start->run-> gpedit.msc-> Computer configuration -> Administrative Templates -> System->Removable storage Access -> WPD Device denay read/write access -> enable
Start -> Run -> gpupdate /force.
For dmoain(Server 2008,R2, 2013):
Start -> administrative tools-> group policy management(expand your forest)->right click your domain ->create gpo inthis domain -> right click your gpo -> edit->Computer configuration -> Administrative Templates -> System->Removable storage Access -> WPD Device denay read/write access -> enable->enforce policy
Start -> run-> gpupdate-> restart the server
Do the steps below :
Wrok group:
start->run-> gpedit.msc-> Computer configuration -> Administrative Templates -> System->Removable storage Access -> WPD Device denay read/write access -> enable
Start -> Run -> gpupdate /force.
For dmoain(Server 2008,R2, 2013):
Start -> administrative tools-> group policy management(expand your forest)->right click your domain ->create gpo inthis domain -> right click your gpo -> edit->Computer configuration -> Administrative Templates -> System->Removable storage Access -> WPD Device denay read/write access -> enable->enforce policy
Start -> run-> gpupdate-> restart the server
It's working ......
ReplyDeleteThanks a lot. its working. really great...
ReplyDeletePrakash, would it be possible to give read only access to MTP/PTP devices? I suspect this is not possible.
ReplyDeletePrakash, would it be possible to give read only access to MTP/PTP devices? I suspect this is not possible.
ReplyDeleteThanks
ReplyDelete