Assume that you want to prevent users from connecting to a USB storage device that is connected to a computer that is running Windows XP, Windows Server 2003, or Windows 2000.
If a USB storage device is not already installed on the computer, assign the user or the group and the local SYSTEM account Deny permissions to the following files:
- %SystemRoot%\Inf\Usbstor.pnf
- %SystemRoot%\Inf\Usbstor.inf
When you do this, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:
1. Start Windows Explorer--> and then locate the %SystemRoot%\Inf folder.
2. Right-click the Usbstor.pnf file--> and then click Properties.
3. Click the Security tab.
4. In the Group or user names list--> add the user or group that you want to set Deny permissions for.
5. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control.
Note: Also add the System account to the Deny list.
6. In the Group or user names list--> select the SYSTEM account.
7. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control--> and then click OK.
8. Right-click the Usbstor.inf file--> and then click Properties.
9. Click the Security tab.
10. In the Group or user names list--> add the user or group that you want to set Deny permissions for.
11. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control.
12. In the Group or user names list--> select the SYSTEM account.
13. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control--> and then click OK.
1. Start Windows Explorer--> and then locate the %SystemRoot%\Inf folder.
2. Right-click the Usbstor.pnf file--> and then click Properties.
3. Click the Security tab.
4. In the Group or user names list--> add the user or group that you want to set Deny permissions for.
5. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control.
Note: Also add the System account to the Deny list.
6. In the Group or user names list--> select the SYSTEM account.
7. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control--> and then click OK.
8. Right-click the Usbstor.inf file--> and then click Properties.
9. Click the Security tab.
10. In the Group or user names list--> add the user or group that you want to set Deny permissions for.
11. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control.
12. In the Group or user names list--> select the SYSTEM account.
13. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control--> and then click OK.
No comments:
Post a Comment