One of our clients requires that removable devices be locked out from being used. Has anyone found a reliable, automated, and auditable way to lock out removable devices for machines?
Right now I've created a script that sets the following registry keys to lock USB devices and CD/DVD drives:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor\Start Value: 4
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom\Start Value: 4
This has been working for a while but we've found some holes with either this setting not getting applied or going away after a while.
Can this be done in KAV?
Any ideas on how to keep automated audits of this or even alerting if the registry or lockout setting changes?
Thanks in advance!
When you know what registry keys to check, you could easily create a procedure that runs on a recurring interval (every hour?). Then just simply check the value of the registry keys.
If reg key = desired value - then do nothing
else - set the registry key to correct value.
You could even create a custom field that you can populate with the "status", depending on what values you get out from the procedure.
i.e. Custom field : Removable storage (enabled/disabled)
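The check-and-reset procedure described in the reply, written out as an added PowerShell example (not code from either poster). It assumes the script runs elevated on a schedule; the log path and the status strings are hypothetical, and the last line of output is what a management tool would capture into the custom field.

```powershell
# Added example: audit and re-apply the two service Start values named in the thread.
# Assumptions: runs elevated on a recurring schedule; $LogPath is a hypothetical location.
$LogPath  = 'C:\ProgramData\RemovableStorageAudit\audit.log'   # hypothetical path
$Desired  = 4                                                   # 4 = service disabled
$Services = 'UsbStor', 'cdrom'

New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

$results = foreach ($svc in $Services) {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    $state = 'Compliant'
    $found = $null
    try {
        # Read the current value; a missing key or value lands in the catch block
        $found = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
        if ($found -ne $Desired) {
            Set-ItemProperty -Path $key -Name Start -Value $Desired -Type DWord -ErrorAction Stop
            $state = 'Remediated'
        }
    } catch {
        $state = "Error: $($_.Exception.Message)"
    }
    # Log only drift and failures, so every line in the file is an audit finding
    if ($state -ne 'Compliant') {
        "{0:s} {1} {2} found={3} desired={4} {5}" -f (Get-Date), $env:COMPUTERNAME, $svc, $found, $Desired, $state |
            Add-Content -Path $LogPath
    }
    [pscustomobject]@{ Service = $svc; Found = $found; State = $state }
}

# Single status line for the management tool to capture into a custom field
if     ($results.State -match '^Error')      { 'Removable storage: error' }
elseif ($results.State -eq 'Remediated')     { 'Removable storage: was enabled, reset to disabled' }
else                                         { 'Removable storage: disabled' }
```

Each "Remediated" line in the log records when a machine drifted from the lockout setting and what value was found, which gives the audit trail and a trigger for alerting.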