Restrict drive formatting in domain enviroment

windows active-directory group-policy
5,236

Solution 1

If the users are limited users, that is not members of the local group Administrators, they will not have sufficient access to format an attached disk. Should you desire to control access for formatting removable media, you can use either domain or local Group Policy:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Devices: Allowed to format and eject removable media

Setting this option to either "Administrators" or "Administrators and Power Users" will prevent limited users from formatting this media as well.

See this Technet article for details.

alt text

Solution 2

You mean restrict them from formatting USB drives? Things I've heard of having been done involve gluing ports shut, and/or removing drivers for USB controllers.

As of server 2003 (at least) it looks like there's a way to restrict the drivers in GPO. A quick google came up with http://support.microsoft.com/kb/555324

There may be other versions or slightly altered instructions if you google for "gpo restrict usb." I don't always trust AD because we have had machines that didn't always "take" properly.

Be aware that unless the machine's BIOS is passworded and set to bypass USB and CDROM at boot, a user could still boot from a bootable disc and format things that way (unless you physically blocked the ports) or format the hard disk. Placing this restriction on users just adds another hurdle. It's not a guaranteed stopping measure.

Share:
5,236

Related videos on Youtube

Deb
Author by

Deb

She/Her, DevOps & Systems Engineering. I do monitoring and telemetry. I read manuals. Also: author of Software Telemetry so I guess I write them too now.

Updated on September 17, 2022

Comments

  • Deb
    Deb over 1 year

    How to restrict users from formating drives? Computers are in a domain environment. May I use GPO or something else?

    I'm trying to hide an HDD partition. We use truecrypt and token, and if the drive is not mounted, and user tries to open the encrypted partition, Windows wants to format it. I'm trying to prevent accidental formats.

    • joeqwerty
      joeqwerty over 13 years
      Can you be more specific regarding what type of drives you're referring to: fixed disks (HDD) or removable (USB).

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

GPO refresh error - Policy Refresh has not completed in the expected time. Exiting
Group Policy for DNS Server Addresses
Group Policy Preprocessing Error (ID: 1058)
Access Denied to SYSVOL from DC when using UNC path
Install a .reg file via GPO
Disable speakers on Windows client machines?
Issues deploying a Scheduled Task through GPO
Setting domain computers Time and Timezone from domain controllers
Group Policy to Specify DNS Servers in DHCP Environment - Good or Bad?
Change local admin password via GPO