We need to set your systems to allow administrator login users to access a USB drive (if slugged into the USB port) but deny non-admin users.
I've found a plethora of online articles describing how to lock or deny users from using the USB port for drives i.e. Five ways to enable or disable USB drive access
With that said, I can't determine if any of these or all of these work across the board for all users, including administrator users, or just non-admin users.
This Super User Entry implies that the setting is for non-admins, but I'm not entirely sure if I understand the response correctly. It states,
"...choose the non-administrators group"
I don't typically administrate Windows, so I'm not all that familiar with how the group policy editor works with regard to settings applying to specific groups or users, etc. Same file file and folder permissions. Anything beyond very basic allow/deny is beyond my core experience.
One intriguing method specifies setting file permissions on a couple of files to Deny SYSTEM and User access to the files. I'm thinking this method would be a good way to go to allow admins to have access to the files while denying non-admins; however, I'm concerned that having SYSTEM denied will throw a wrench in the works. I'd need admin/SYSTEM allowed and user/SYSTEM denied. Is that even possible?
With that said, I'd appreciate any assistance. We're using Windows Server 2008 R2 along with a bunch of Windows 8 and 10 workstations.
