Hi there,
I am looking for a solution to write protect the USB drives so that:
1. Users can upload their stuffs from the USB drive to the server.
2. Users can not download stuffs from the server to their USB driver.
Solution for this scenario is available in Win Vista and Win Server 2008, but I was unable to find it in Windows Server 2003 SP2.
Anybody please help me on this. Thanks
Tom

I sure would like to know the solution to that one in vista and '08. They have policies that can control vs disable?

Imagine the power of knowing how to internet search
http://www.lib.berkeley.edu/TeachingLib/Guides/Internet/FindInfo.html

That's right Mr. Wanderer....It is available in both of them but not in the server 2003.
Anybody has any kind of suggestion, solution for this?
''write protecting removable drives in server 2003 through group policy''.
Tom

So I take it you aren't going to share your solution to this issue as it exists in vista and 2008?

Imagine the power if you knew how to internet search

http://www.technipages.com/vista-en...

Michael J

Thanks Michael J but that is for enabling/disabling usb which we can already do via group policy.

Tom wants to control the usb in that you can write from but not write to the usb device.

He says it can be done in Vista and 2008 but doesn't appear he wants to share that information.

Imagine the power if you knew how to internet search

The page I linked to states that you can "Disable or enable the ability to write to a removable disk"

The OP stated:
1. Users can upload their stuffs from the USB drive to the server.
2. Users can not download stuffs from the server to their USB driver.

The OP is using the wrong terminology, but I would consider "Users can not download stuffs [sic] from the server to their USB driver [sic]" the same as writing to the drive.

Michael J

Ah says the blind man, I see.

As a test I made that key. Didn't make any difference at all to writing or not writing files to my usb stick, in Vista.

Same results in XP.

Imagine the power if you knew how to internet search

I think that should work wanderer. Also you can find the same for windows server 2008. However, I have to tell you this, I have not tried this option in both the OS since our client is using Server 2003.
Here is the adm file content to enable write protection on win XP sp2(I found it here:http://www.petri.co.il/disable_usb_disks.htm)
................................
CLASS MACHINE
CATEGORY !!category
CATEGORY !!categoryname
POLICY !!policynamewriteprotect
KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
EXPLAIN !!explaintextwriteprotect
PART !!labeltextwriteprotect DROPDOWNLIST REQUIRED

VALUENAME "WriteProtect"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 0 DEFAULT
NAME !!Enabled VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
END CATEGORY
END CATEGORY

[strings]
category="Custom Policy Settings"
categoryname="Write Protection"
policynamewriteprotect="Write Protect USB Removable Drives"
explaintextwriteprotect="Enforces write protection on all USB Removable Drives. \n\nSelect the ENABLED radiobox, then select ON for the Write Protect USB Removable Drives status in the drop-down list. \n\nIn order to disable write protection on USB Removable Drives select OFF for the Write Protect USB Removable Drives status in the drop-down list."
labeltextwriteprotect="Write Protect USB Removable Drives status"
Enabled="On"
Disabled="Off"
...........................
I tried it on win server 2003 SP2 without any code change. It created this policy(enable write protection policy) in the group policy,and I was very happy that I could see this option there. But the write protection("function") didn't work.
Is there any adm template expert that can change this code for win server 2003?
Greatly appreciated.
Tom

Set advanced ntfs permissions so that a users could write but not read from server?

I read it wrong and answer it wrong too. So get off my case you peanut.

Folks,
This adm template works in a sense that it also appears in the gpedit.msc->computer config-> admin templates->Reovable Storage Write Access. But again, same problem. Even
though I enable it to work, it does not work.
Is there any step I have to take in order to make this stuff work?
---------------------------
CLASS MACHINE
CATEGORY "Removeable Storage Write Access"
POLICY "USB Write Access"
KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
VALUENAME "WriteProtect"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY;
---------
Can be found in http://thelazyadmin.com/blogs/thela...

Tom

Hello, Tom!

You need to make your usb drives "read only".
Do you have a desktop management system in your company ? It may include such ability by default.

In our company we use desktop authority by scriptlogic with very powerful usb security features http://www.scriptlogic.com/products...

With this tool you can also block or limit the access to a different class of usb devices like mp3 players, PDAs, printers, scanners, cd/dvd burners, usb and wifi adapters.

Hope this helps.

Hi Barry,
I know this software. It is like a active directory software with extra goodies.
Thanks

You do this in the registry of the local workstations. Add a line in your login script to change this key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000001