Prevent connection of unauthorized USB-devices?

Prevent connection of unauthorized USB-devices?

Is there a way to prevent connection of unauthorized USB-devices? We have Win 7 Pro clients today but will probably upgrade to 8.1 Pro soon. We are running a Windows Server 2008 R2 server enviroment.

I want to:
1. Configure which USB-devices that are allowed
2. Prevent connectivity of unauthorized USB-devices
3. Prevent file copy to and from devices other than authorized encrypted USB thumb drives
4. Only allow charge function when connecting a smartphone



to get this you should have an encryption system in your environment connected across all your system, and it takes long time than what you really think

the easy way to prevent non-allowed USB is to disable the USB port itself from the device manager and you need to input your credentials there as an administrator to enable them again.

there are several vendors providing SW like what you are looking for but as my experience it's very complicated to manage and not friendly use.



to get this you should have an encryption system in your environment connected across all your system, and it takes long time than what you really think

the easy way to prevent non-allowed USB is to disable the USB port itself from the device manager and you need to input your credentials there as an administrator to enable them again.

there are several vendors providing SW like what you are looking for but as my experience it's very complicated to manage and not friendly use.



Thank you. If I disable the USB-ports in BIOS can I enable connectivity on certain devices? We must be able to connect keyboard, mouse and authorized USB thumb drives.



For the requirements you have disableing the ports is not a solution.

Then you need special software to accomplish this.

Be aware that your users can bring an identical Thumbdrive (same brand, model and make) and this one will work too then. This kind of USB restriction software will usually look at device Vendor and ID and they are the same for the same product.



Ok. Is it possible to physically lock connected USB-devices like keyboard, mouse etc.?
If it is possible to disable the opportunity to save files from external devices and copy files to external devices via OS security that might be a better solution.



Locking ports can be done with this little thingy:
http://www.kensington.com/us/us/4483/k67720us/usb-port-lock-with-square-cable-guard#.VUiV1dS1Gko

Strange boot issue - Windows 7 - If I remove 2nd harddrive, windows
wont boot

Strange boot issue - Windows 7 - If I remove 2nd harddrive, windows wont boot

I have a 2nd harddrive that is starting to fail (data storage only drive), and when I replaced it with a new 1TB drive,
I got an error message and Windows 7 wouldnt boot until I put the 2nd drive in again.

Both the old and new secondary drives are completely empty (however in Disk Manager I can see the old secondary drive is missing 1 mb, so there must be some boot files there).

I have used Paragon Disk Manager before, but completely uninstalled it. But there must be some lingering boot files/data on the secondary harddrive (even though appears to be completely empty).

I have checked bcdedit and msconfig and Advanced System Settings --> Startup and Recovery --> Settings and looks like everything is booting from the C: drive.

How can I fix this and put back all boot related files only to the C: drive?

Thank you,
HappyT



Have you tried running fixmbr from the recovery console?



Have you tried running fixmbr from the recovery console?



Your issue is that the drive you removed altered the reference to your drive and possibly a reference is missing.
Did you clone the new drive from the old drive? Often drives come with vendor CD to migrate the data from the old onto the new.
An option when the system is booting is to try to opt for the boot option (escape, F12, etc)
When prompted hopefully you can differentiate between the OS drive and the data drive I.e. One is 320GB and the other is 1TB and within the boot menu, you can differentiate, I.e, one if both are from the same manufacturer it might be ..... Differentiated, pick the one with the OS and see if you can boot from it.

Did you alter the cabling? I.e. Switching the drives positions?

You need to reconstruct the boot record using bootrec/bcdedit.

When you boot with the second drive in place look at diskmgmt.msc to see how is the second drive listed, does it have any system, boot, page file reference?



is windows set to show hiden files and folders?
probably you have the system partition (100-200 Mb) on the second drive
if you copy that partition to the other drive with a partition manager - it should boot again



With the paragon disk manager make sure your OS disk is set to "Active". Currently your other disk probably is the active disk. Things like that happen if you install an OS with both disks there. I always recommend to remove all unneeded disks before installing an OS.



To fix it, first create a system repair disk:http://windows.microsoft.com/en-us/windows7/create-a-system-repair-disc

Then disconnect the 2nd drive, and boot to the repair disk, and do a Startup Repair:http://windows.microsoft.com/en-us/windows/what-are-system-recovery-options#what-are-system-recovery-options=windows-7

With only the main system drive connected, Startup Repair should reconfigure BCD and place any needed boot files onto the main drive.

Power User vs Administrators

Power User vs Administrators

Greetings,
I just took over a windows-based enterprise (server and win7) and I just found out that some of my "power users" were given full rights as Domain Administrators to perform help desk type operations (ie. lockouts, password resets, software upgrades).

Is there any way I can give these people access to perform these tasks without giving them full domain privileges with access to Active Directory?

Thanks



My VM crashed over the weekend so no screenshots. :'( However, I was able to find a site that should help explain how to do this: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Active-Directory-Delegation-Administration.html



Yes you can use the delegation control wizard or modify ACLs for items like account lockous/resets

http://adisfun.blogspot.com/2009/08/extend-ad-delegation-control-wizard.html

There is also the account operator group.

Are these manual software updates? Do they need to only update software on PCs? You can create a group to have admin rights just on workstations.

Very good idea to take them out of domain admins....good thinking and good work

Thanks

Mike



Thank yo so much...
The only question I have, that I didn't see:can you do that for specific user groups? or is this an everybody/nobody situation?



Yes, you can grant access based on a group.



If you provide the server version I can get you directions.



Thank you so much.

Windows server 2008 with AD, exchange 2010,

What is Windows application 'Route.exe' and give example

What is Windows application 'Route.exe' and give example

We googled 'route.exe' and found that It is used to block IP connections to the system but can't seem to fully understand the purpose of this utility as to how applying it to us. Can an EE give as an easy-to-understand explanation of this tool and some real live example of it being used for? (we use Windows 7 & 8)



ROUTE.EXE is for managing Network Routing Table on your computer (which assign a gateway for the requested IP) either static or dynamic
setting a static route (fixed) of an IP to invalid interface can be used to block some IPs
here is the output for it's help



ROUTE.EXE is for managing Network Routing Table on your computer (which assign a gateway for the requested IP) either static or dynamic
setting a static route (fixed) of an IP to invalid interface can be used to block some IPs
here is the output for it's help



Yes, prior placing the question we "route -?" then proceeded to google about it; there's lot of tech info.

Please excuse our ignorance on the topic, we are trying to understand it and find a use for it here.

That said, why would we want to manage the network routing table on our computer?

We read up on 'network routing table' and found technical info (from wiki, microsoft, etc.):

A routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed.

In computer networking a routing table, or routing information base (RIB), is a data table stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics (distances) associated with those routes.

During the routing process, the routing decisions of hosts and routers are aided by a database of routes known as the routing table. The routing table is not exclusive to a router. Depending on the routable protocol, hosts may also have a routing table that may be used to decide the best router for the packet to be forwarded. IP hosts have a routing table. IPX hosts do not have a routing table.


... this brings us back to What is route.exe? why use it? Can we see real-live example of its use?

Appreciate EE patiences with us.



Never mind, I'm here to help as far as I can
the real benefits of ROUTE is only when you have multiple NIC or network card (Route call it Interface)
in this case by default each IP you request will be matched with interface IP and MASK if the required IP belongs to that network it will submit to that interface, but when you assign a static route (for a single IP or multiple IP using mask) it will respect this entry and forward to the interface you set,

another implementation when using VPN, VPN client creates a virtual interface so that all the VPN LAN requests will be routed to VPN interface and you can see that on the routing -print command



Ok, trying to understand real live situations for route.exe; when you say multiple NIC, you mean a PC with 2 internet connections (one using to AT&T the Verizon)? If so, route.exe must be used to tell the NICs their respective IP from the ISP?

(are we understanding correctly?)



Exactly

How to delete a WIndows XP user account that is the administrator
account

How to delete a WIndows XP user account that is the administrator account

Dear Experts,
I want to transfer a laptop to another person without doing a system re-install of the operating system.

I have deleted all the software.

As a security measure I would like to delete my own Windows XP user account and then create a new one of the new owner.

The trick is that my own user account is the administrator Windows XP account. Can I delete it?

Is there a piece of free software I can install to "sanitize" my laptop before handing it over?
Best Wishes,
Phil



You cannot delete the Windows XP administrator account without damage, and it should never have been used in the first instance. Also the new owner will want "administrator" to be there.

Start in your admin account and delete documents, email, favourites, cookies, temp files and anything else you can think of. Change the password to the admin account (you will give this to the new owner).

Set up a new userid for the owner as well.

Then defrag the hard drive to mostly write over top of what you deleted.

Truly, it is better to format and reinstall windows.



You cannot delete the Windows XP administrator account without damage, and it should never have been used in the first instance. Also the new owner will want "administrator" to be there.

Start in your admin account and delete documents, email, favourites, cookies, temp files and anything else you can think of. Change the password to the admin account (you will give this to the new owner).

Set up a new userid for the owner as well.

Then defrag the hard drive to mostly write over top of what you deleted.

Truly, it is better to format and reinstall windows.



Not only is it far better to format and reinstall windows, it's actually pretty simple with XP.

In addition, if you just rename the user account, the folder on disk will still have the old name.
e.g. if the user name is "Jim", then under Documents and Settings there will be a Jim folder. If you change the name of the account to "Bob", then "Bob" will show as the logged on user, etc. -- but the folder under Documents and Settings will still be "Jim". Not a big deal as long as you've cleaned it all up ... but it's much better to simply wipe the system and reinstall XP.



on most laptops you can do a factory reset from the factory restore partition
what model is this laptop?
then all data is erased



Dear Garycase,
Can I re-install Windows XP without the install disk?

So far I have created a new admin account and deleted the old one. I chose the option to delete the files. Do I need to do any more than that? I have also done a defrag. I would love to reinstall Windows but do not have a disk.
Best Wishes,
Phil



Philip - do you have a restore partition? if yes, you can!

please tell me how to have 'my computer'

please tell me how to have 'my computer'

another language: Swedish windows7
I can not find 'my computer' icon on desktop

I can not find 'my computer' link on start menu



I have no experience with Swedish W7, but you should be able to click Start, then right-click on Computer, and then click Show on Desktop (whatever that is in the Swedish language). Regards, Joe



I have no experience with Swedish W7, but you should be able to click Start, then right-click on Computer, and then click Show on Desktop (whatever that is in the Swedish language). Regards, Joe



Sorry, I don't know Swedish.
But if you right click on the desktop and select personalize, then you should have "change desktop icons" on the left side of the window. Click that and select "computer" under "desktop icons" section. ok, ok,... That should give you Computer icon on your desktop.
Anyway I prefer using right click on start button and select "open windows explorer".



i now see 'my computer' on desktop



Glad to hear it!



There was an error in this gadget