Pressler2904 | May 12 2009 4:45PM GMT
We went through this in my current environment: there is no easy way to block access to USB ports… Some organizations go so far as to fill the USB ports with hot glue I understand. What has worked for us here is to set up a system image with the expected hardware and add a few alternate items (for example, USB Optical Mouse and USB Trackball; different types/brands of monitor). After the image is configured, we disable Plug and Play. No account with User level rights (ALL our user accounts, even the IT dept, have User level rights) can then change or alter the hardware configuration.
It’s pretty severe, I know, but for us it works and it’s the surest way to avoid a massive HIPAA leak…
Have a look at this similar question/answer.
I didn’t tried personally, but I was told that the user needed to be a local administrator so that it could work.
You can block USB connections through Group Policy, under computer configuration, local policies/security Options, devices. there you can restrict the users. create a separate user group and apply the GPO.
Group Policy.. Block USB
And you can also remove the local administrator permission of corresponding register keys, only leave the group administrator permission to the key, so that even the user is grant the local admin privilege, he/she still can’t use USB storage function via modifying the register key value.