What's new in Vista Group Policy?

Controlling removable media

Removable devices such as USB thumb drives, flash memory card readers, and external USB hard disks, as well as CD and DVD writers and even the venerable floppy disk drive, are extremely convenient for transferring data between two computers.

Unfortunately, they can also pose a big security problem for companies: Users can easily download data that shouldn't leave the company networks to a removable device and take it with them or they can upload data from a device and unknowingly introduce viruses or malware to the company computer.

In the past, some companies went so far as to physically destroy USB ports by filling them with epoxy or some other substance. A less drastic measure was to disconnect the USB ports inside the computer and remove optical drives capable of burning discs. You could buy third-party software to allow you to enable or disable access to USB devices, CD/DVD writers, etc. Or you could create a custom .ADM file to block usage of these devices in XP.Vista makes it much easier.

Here's what you do to apply a policy controlling access to removable media to the local Vista computer:

  1. Click Start | Control Panel | Administrative Tools.
  2. Select Local Security Policy.
  3. In the Local Security Policy console's left pane, under Computer Configuration, expand Administrative Templates and click System.
  4. Scroll down in the right pane and double click Removable Storage Access, shown here.

By Deb Shinder

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...