0

I am the administrator of a company and recently I created an Active Directory with Windows Server 2012 R2 and Windows 7 computers as clients. I have a Group Policy on all users to disable USB storage (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR). I have done that because my boss asked me to do that. A guy from the office asked me to unlock the USB of his PC so he could transfer files, but I told him that I couldn't disobey the boss. He told me that he knows a way to enable the USB port, but he couldn't tell me what it was. Also, the clients cannot access My Computer because I have used another GPO which won't allow clients to access their drives. I'm furious and anxious about that (if that guy can enable the USB storage). Is there any other way a client can access his USB storage and transfer files? Recently we transferred their old files to their new PCs. I don't know if anyone managed to transfer an .exe or something. Any advice would be helpful. Thanks

1 Answer

0

Well, don't worry: there are always going to be 'power users' who think they can bypass what IT implements, especially at the request of the senior members of staff.

So do your due diligence; the fact you're worried about it puts you in good stead. OK, so aside from the fact he's going against company policy (should one exist, and usually a disciplinary action), there are some things you can do to shore up your position. One or a combination of the below:

  1. Do not allow him to be a local administrator unless he needs to be.
  2. Do not allow access to the Regmon application (monitoring of registry changes).
  3. Do not allow Regedit32 or Regedit on your Windows machines. These should only be used by Domain Admins etc.
  4. Use something like Sophos or the like to disable certain EXEs.
  5. Look at restricting them in some way: disable the machine's USB in the BIOS settings.
  6. Use Sophos or equivalent to only allow certain types of hardware to connect.

That should cover the physical side somewhat, but don't forget you also have the threat of Dropbox and equivalents. So it's best also to find out a few things from the policy maker.

  1. What's the purpose of the restriction?
  2. If someone goes against that, what are the implications (who's to blame or at fault)?

Here's a link for you to try and test potential exploits that he might be using: https://blogs.technet.microsoft.com/markrussinovich/2005/04/30/circumventing-group-policy-settings/

Hope that helps.

TheNerdyNerd
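To check a client against the points above, the following is an added example (not part of the answer or the question): a PowerShell function that reports whether the USBSTOR restriction is still in force, who holds local administrator rights, and which USB storage devices Windows has already installed. The function name `Get-UsbStorageAudit` is hypothetical, and the script assumes the GPO sets the `Start` value to 4 and that the local group is named `Administrators` (English Windows).

```powershell
# Added example. Run in an elevated PowerShell session on the client.
function Get-UsbStorageAudit {
    $svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

    # Start: 3 = driver loads on demand, 4 = disabled.
    # Assumption: the GPO enforces 4; any other value means it was changed or never applied.
    $start = $null
    if (Test-Path $svcKey) {
        $start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    }

    # Members of the local Administrators group can write the value back,
    # which is why the answer's first point is to keep users out of it.
    $group  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $admins = @($group.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }

    # Each device class / instance pair under Enum\USBSTOR is a USB storage
    # device that Windows has installed on this machine at some point.
    $devices = @()
    if (Test-Path $enumKey) {
        foreach ($class in Get-ChildItem $enumKey) {
            foreach ($instance in Get-ChildItem $class.PSPath) {
                $devices += (Get-ItemProperty $instance.PSPath).FriendlyName
            }
        }
    }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        UsbStorStart  = $start
        PolicyInPlace = ($start -eq 4)
        LocalAdmins   = ($admins -join ', ')
        KnownUsbDisks = ($devices -join '; ')
    }
}

Get-UsbStorageAudit | Format-List
```

An unexpected account in `LocalAdmins`, or `PolicyInPlace` reporting False after a Group Policy refresh, is the signal to investigate. Entries in `KnownUsbDisks` may predate the policy, so compare them against the date the restriction was rolled out.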