The MS way is not powerful enough:
But instead, or in addition to, do this:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
Or ADM/GPO:
CLASS MACHINE
CATEGORY "SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf"
KEYNAME "SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf"
POLICY Default
PART Default
EDITTEXT
DEFAULT "@SYS:DoesNotExist"
VALUENAME ""
END PART
END POLICY
END CATEGORY
-Sam
-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Tuesday, March 31, 2009 12:02 PM
To: NT System Admin Issues
Subject: Re: autorun GP in W2K3 domain...
On Tue, Mar 31, 2009 at 11:56 AM, Bill Lambert <[email protected]> wrote:
> Where in GP do you turn off the autorun on USB ports? Can't seem to
> find it.
Computer Config -> Admin Templates -> System Turn off autoplay = Enabled Turn
off autoplay on = All drives
Make sure you've also got Microsoft's patches to fix the autorun-disable
feature or the above doesn't actually work on the clients.
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
