wrote a script for a customers network administrator to enable and disable access to removable storage. In the example below I used the registry keys for the Removable Disks: Deny write access and Removable Disks: Deny read access Group Policy Objects. It is easier to fix this with Group Policy if the computers are domain joined, you can set the policy in Computer Configuration > Administrative Templates > System > Removable Storage Access. Note: The script below is only tested on Windows 10, version 1511. Use it as reference for your own environment. <# .SYNOPSIS Enable or Disable access to…
All posts in GPO
A common question in forums about Group Policy Objects is how to exclude (deny) a GPO for certain users or a security group. However, there are multiple other ways to have the GPO only apply to certain users (link only to certain OUs, security filtering, item-level targeting, etc), the method shown in this post should only be used as a last resort. First open Group Policy Management from the Server Manager Tools or Administrative Tools. Select the GPO that need some exclusions and open the Delegation tab. Click on Advanced… Click on Add… Select the Active Directory objects for which…
You got a virusscanner and maybe also some other mitigation tools to protect your or company computers, but still viruses and malware can get thru into the system. Here is a method to create an extra layer of defense for your systems. We’ll be using Software Restriction Policies that can be found in the Local Security Policy for standalone PC’s or in the Group Policy Management for domain joined systems. We will be gonna use this for blocking executables from %APPDATA% and %USERPROFILE% directories, but also from compressed archives that can be mailed with an executable…