Sam, Are you saying just put the text below in a word files, rename to .adm and import it into a GPO and apply? Or could you add the HKLM setting in the registry settings in a GPO and have it apply that way?
Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + [email protected] Phone:401-639-3505 -----Original Message----- From: Sam Cayze [mailto:[email protected]] Sent: Tuesday, March 31, 2009 1:25 PM To: NT System Admin Issues Subject: RE: autorun GP in W2K3 domain... The MS way is not powerful enough: But instead, or in addition to, do this: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist" Or ADM/GPO: CLASS MACHINE CATEGORY "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" POLICY Default PART Default EDITTEXT DEFAULT "@SYS:DoesNotExist" VALUENAME "" END PART END POLICY END CATEGORY -Sam -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Tuesday, March 31, 2009 12:02 PM To: NT System Admin Issues Subject: Re: autorun GP in W2K3 domain... On Tue, Mar 31, 2009 at 11:56 AM, Bill Lambert <[email protected]> wrote: > Where in GP do you turn off the autorun on USB ports? Can't seem to > find it. Computer Config -> Admin Templates -> System Turn off autoplay = Enabled Turn off autoplay on = All drives Make sure you've also got Microsoft's patches to fix the autorun-disable feature or the above doesn't actually work on the clients. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
