![]() To force the policy update we can use command gpupdate /force in the command prompt as usual. At user level, we can only control read and write access, while at computer level we can also control execute access. Notice that there are less available settings here compared to settings that can be applied at the computer level. ![]() The settings can be found in User Configuration > Policies > Administrative Template > System > Removable Storage Access. It is worth noting that administrator can also apply this policy at the user level, so each users may have different privilege on the computer. This message below will be shown in the client when they attempted to do so: When the policy has been applied, all logged in users will no longer have access to the USB flash drive or external hard disk attached on the computer. Policy must be applied at the computer level. The right setting that match the scenario here is Removable Disks: Deny write Access. To enable it as shown below. This action is suitable if the administrator only wants to protect the computer from virus or malware that might be exist in the removable storage.
0 Comments
Leave a Reply. |