Controlling access to removable media
This week's tip: Controlling access to removable media has always been a problem when managing Win2K and Windows NT clients, and Win2K adds removable hard disk media to the mix. You can find access control to removable media at:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon
There are quite a few values here, but we're concerned with only three of them:
AllocateFloppies
AllocateCDRoms
Allocatedasd
With AllocateFloppies and AllocateCDRoms, the default value is 0, which lets all users access the device. Changing this value to 1 lets only locally logged-on users access the removable disk or CD-ROM. To enable this restriction, you also need to delete the administrative shares that are created by default.
Allocatedasd (DASD is an old mainframe term for Direct Access Storage Device--a hard drive) has three possible values to control access:
- 0 Only members of the computer's Administrator group.
- 1 Only members of the Administrator and Power Users groups.
- 2 Only members of the Administrator group and the local current
user.
David Chernicoff
|