[Message Prev][Message
Next][Thread Prev][Thread Next][Message
Index][Thread Index]
RE: [OT] Limiting the use of USB devices on Windows XP
- Subject: RE: [OT] Limiting the use of USB devices on Windows
XP
- From: "John Andrews" <groups@xxxxxxxxxxxxxxxx>
- Date: Tue, 9 Aug 2005 17:38:55 +0100
Devicelock - we use it about $10 per seat
Works similar to AD policies, you can allow a machine, a user or just a
device - i.e. camera for jim on machine y
-----Original Message-----
From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf
Of Ward, David
Sent: 09 August 2005 12:50
To: 'ukha_d@xxxxxxx'
Subject: [ukha_d] [OT] Limiting the use of USB devices on Windows XP
Limiting the use of USB devices on Windows XP
I have a friend who is currently being driven to despair trying to
implement site IT security. His brief is to prevent users from adding or
removing files to the company system using removable USB drives
The problem is that there is a decree that users must be able to use
sanctioned company provided USB flash drives (don't ask, we know how
contradictory and stupid this is)
The two commercial solutions : DeviceLock & SecureWave Sanctuary
DeviceControl both operate using VID & PID from the USB device,
Device
lock allows the use of a white list to even permit certain VID & PID
combinations,
BUT the daft thing is that the VID & PID used are the ones from the
device
controller, and as 99% of flash drives use the same controller it's
impossible to limit the use to one specific manufacturers Flash drive,
and what's worse is that Devicelock people won't or can't even
acknowledge that a controller IC can have a different VID & PID to the
device it's used in - Arghhhhh!
We have looked at enumerating VID & PID ourselves but it quickly
becomes
tricky determining which devices are USB flash drives
Has anyone come across this problem or know of a possible solution?
Thanks for your time
Dave Ward
UKHA_D Main Index |
UKHA_D Thread Index |
UKHA_D Home |
Archives Home
|