Allow non-power users to “safely” eject removable media.
Does anyone know a way in which I can allow out public computer users the ability to safely remove their flash media drives? I found a setting in group policy, but I can only allow admins or power users. I do not want to make the public user a power user on the local machine.
The clients are WinXP Pro and the server is Win 2003. I am running a domain with Active Directory.
Software/Hardware used:
Software/Hardware used:
ASKED:
November 21, 2006 4:21 PM
UPDATED:
November 22, 2006 10:29 PM
Answer Wiki:
I had the same situation. I wanted school students to be able to remove their USB drives without giving them rights. Here is what I did:
1. Create a shortcut named ?Safely Remove Hardware? with the target location of %windir%System32RUNDLL32.EXE shell32.dll,Control_RunDLL hotplug.dll
2. Place the shortcut on your start menu (network or local)
3. Open your User Policy and go to Administrative Templates/Control Panel. Change the setting ?Prohibit access to the Control Panel? to ?Not configured?.
4. Change the ?Show only specified Control Panel Applets? to ?Enable? then click the Show button, click the add button and type in sysdm.cpl.
Step #4 only allows them to run the applet not get into the control panel itself.
Hope this helps, Toby
To see all answers submitted to the Answer Wiki: View Answer History.
per Sandisk:
These steps are not required for Windows XP.
Use the “Safe to Remove Hardware” hotplug
icon in the notification area ofthe taskbar to
safely remove the device before unplugging.
I have not had any loss of data or corruption when just unplugging. Just make sure any apps running from the drive are stopped, any data copy is completed.
FYI, I have had a number of users corrupt data by just unpluging flash drives. It took aout a 6 monthes to a year but it did happen and when it happened they were not happy. Luckly I was able to retrieve must of the data.
spadasoe,
The problem I face is with the public users. I do not have the time nor energy to show each and every one of them documentation that says they do not have to safely remove the hardware. I myself, generally do not use it.
I think you were telling me to use:
Use the “Safe to Remove Hardware” hotplug
icon in the notification area ofthe taskbar to
safely remove the device before unplugging.
But, they do not have access to this. It says that they do not have permission to eject the media. That is the problem.
Place a banner on the background if necessary and
Set rights to Adminsitrators and Interactive Users
on this item. Intereactive users includes normal users.
Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
Determines who is allowed to format and eject removable NTFS media. This capability can be given to Administrators, Administrators and Power Users, or Administrators and Interactive Users.
Of course it would be even safer if your application copies only from a particular directory to Flash media then ejects using encrypted secondary credentials.
Various programs exist to enable elevated credentials for such scripts/applications
http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1069341,00.html
Place a banner on the background if necessary and
Set rights to Adminsitrators and Interactive Users
on this item. Intereactive users includes normal users.
Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
Determines who is allowed to format and eject removable NTFS media. This capability can be given to Administrators, Administrators and Power Users, or Administrators and Interactive Users.
Of course it would be even safer if your application copies only from a particular directory to Flash media then ejects using encrypted secondary credentials.
Various programs exist to enable elevated credentials for such scripts/applications
http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1069341,00.html