SecurityFocus

RE: Controlling specific USB devices on Windows XP Jun 14 2006 02:05PM
Steven Hay (shay communitysavings ca) (4 replies)

RE: Controlling specific USB devices on Windows XP Jun 15 2006 01:03AM
Roger A. Grimes (roger banneretcs com)

RE: Controlling specific USB devices on Windows XP Jun 14 2006 05:51PM
Trevor (trevor rottdog com) (1 replies)

Yes, Vista contains quite a few USB control options. Many specifically
relate to USB Mass Storage devices, so if you don't want to lock down
the mice but instead target USB key chains, etc. it will be possible.

We currently use the XP SP2 ability to lock down writing to USB devices.
While that is only 50% of the equation we really need, it is effective.
Since there are business justifications for being able to use these
devices in a write mode, the GPO is separate from all others. We have a
group that has Deny access to that GPO. We just add computers to the
GPO and manually reverse the registry entry controlling the USB device
to allow users to write to them. It works...

-Trevor

-----Original Message-----
From: Steven Hay [mailto:shay (at) communitysavings (dot) ca [email concealed]]
Sent: Wednesday, June 14, 2006 7:05 AM
To: security-basics (at) securityfocus (dot) com [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Controlling specific USB devices on Windows XP

Just curious, does anyone know if Vista is going to have any
intelligence for USB control built in either by registry key or
additional GPO?

-----Original Message-----
From: Ken S [mailto:ken.securitylist (at) gmail (dot) com [email concealed]]
Sent: June 13, 2006 3:06 PM
To: security-basics (at) securityfocus (dot) com [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Controlling specific USB devices on Windows XP

I am investigating the possibility of locking down Windows computers to
only allow specific USB devices to attach. I'm considering the mtrust
product from www.m-systems.com, which the marketing materials say can
force users to only use their particular USB storage devices (or those
that they OEM to others, like Kingston, Verbatim, etc.).

Does anyone have experience with this package? If so, what are the pros
and cons?

Also, are there other solutions are out there that can ensure only
specific USB storage devices are allowed on a system?

Is there anything specific for biometric USB storage?

Any comments on the effectiveness of such software?

Thanks,

Ken S

------------------------------------------------------------------------

---
------------------------------------------------------------------------

---

------------------------------------------------------------------------

---
------------------------------------------------------------------------

---

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

[ reply ]

RE: Controlling specific USB devices on Windows XP Jun 15 2006 02:29PM
George Njoku (george turnereng com) (1 replies)

Re: Controlling specific USB devices on Windows XP Jun 15 2006 06:58PM
Greg Merideth (gmerideth ftnj net) (1 replies)

Re: Controlling specific USB devices on Windows XP Jun 15 2006 08:17PM
Harlan Carvey (keydet89 yahoo com) (2 replies)

Re: Controlling specific USB devices on Windows XP Jun 19 2006 02:02PM
Chris Poldervaart (chris listserv comcast net)

Re: Controlling specific USB devices on Windows XP Jun 16 2006 12:56AM
Greg Merideth (gmerideth ftnj net)

RE: Controlling specific USB devices on Windows XP Jun 14 2006 05:30PM
Kurt Dillard (Kurt Dillard microsoft com)

RE: Controlling specific USB devices on Windows XP Jun 14 2006 04:04PM
Depp, Dennis M. (deppdm ornl gov)