The problem is this: we have given the flash media. To computers (running Windows starting with XP) are not allowed to insert unauthorized devices.
Actually, the question is: how to prohibit to use them?
The situation is complicated by the fact that the organization does not have a common network, that is, group policy, DeviceLock and other work only until such time as you will need to add another device to all the computers (And, for a moment, a few thousand).
Is there any solution, for example, a file with the serial number, signed by the key on a hidden partition of your pendrive, which AT understand mount or not?
adrain.Hessel69 answered on October 3rd 19 at 02:30
Several thousands of computers without a single network, but with the need for centralized control — that's called hell.
burley_Daniel answered on October 3rd 19 at 02:32
You can do clean Windows, but from experience I can say that sometimes causes random problems in the system.
In the registry branch HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR that stores information about the installed USB drives, cleaning the branch, stick the right flash drive, give install them, and then select the user rights on this thread, after that Windows just can't install a new ROM.
Also in the system folder there is a file responsible for something like that, it is also necessary to trim right after the installation of %\WINDOWS\Inf, usbstor.inf and usbstor.pnf.
giles_Lesch answered on October 3rd 19 at 02:34
I don't think it is. Because the idea is pretty meaningless. That hinders to carry out the official media information?
taryn.Rober answered on October 3rd 19 at 02:36
Do you have a policy: "allow everything except... "?
By the way, the monitor photographing — prohibited or you can print out what is necessary (binaries — mail in mime-format)?
Mara_Grant answered on October 3rd 19 at 02:38
It is technically possible to write a service which hangs in Windows and checks the serial numbers of the USB stick. If the number is not registered then disables them.
albert31 answered on October 3rd 19 at 02:40
A somewhat simpler option is available out of the box, but requires Windows 7 or Windows Server 2008:
3. The article