Written by Mark Farrugia, Senior Microsoft Premier Field Engineer You stop in at your local coffee shop that offers free Wi-Fi access. Sure enough you have someone hanging around with their laptop. They step away and leave their machine unattended; they may have locked the screen, but they left the laptop powered up and unattended while they grab another beverage. Have you seen this situation? Because I know I have, and I think to myself how easy it is for someone to plug something into that laptop, and how little time would that person would need to install a malicious piece of code. Recently I came across this article titled “”. Immediately I thought, what am I going to do to protect myself?
As a Microsoft representative standing before my customers, the last thing I would want is for my machine to be compromised. As well, I don’t want to be in a situation where I am not practicing what I preach. What Can You Do To Protect Yourself from Malicious Removable Devices? Fortunately for me and Microsoft’s customers, since the launch of Windows Vista many years ago, Microsoft has enabled users the ability to lock out removable devices from their machines and whitelist a trusted number of devices. This functionality works great across both the client and server operating systems: Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.
Microsoft Windows has the ability to control what gets plugged into the USB ports of a machine through the local group policy. But what about a large enterprise organization? Same rules apply; centralized group policy through Active Directory can be used to control what devices are whitelisted and blacklisted within your organization.
You can control Android device from any computer using R-HUB remote support servers. It is on-premises software which is completely secure. It works on Windows, Mac, iOS, Android and supports unlimited users.
For the purpose of this article, I am going to concentrate on our friend in the coffee shop. Where Do You Find This Magical Control? Control of USB removable media is built right into your operating system. You will need to have elevated privileges on your local machine to implement the policy, but you can make it so it applies to all users of your machine. Click on the Windows pearl, and type gpedit.msc into the search box and hit the ENTER key on your keyboard. Once the local group policy editor opens, you will be presented with two panes, and on the left pane will be your navigation tree. This is broken into two sections, Computer Configuration and User Configuration.
The policy we are going to be interested in working with is within the Computer Configuration context. Navigate to the following location: Computer Configuration – > Administrative Templates – > System – >Device Installation – > Device Installation Restrictions How Do You Configure Device Restrictions? You are now presented with a screen that has the following options available to you: Instead of me explaining all of these settings, I will run through a couple of situations. Situation #1 - Lockout All Devices If I wanted to lockout all devices connecting to my system I can configure the one policy titled “ Prevent installation of removable devices”.
This is a catch all policy that will prevent all removable devices attached to the machine from being configured and accessible. You can even create a nice custom message that describes the lockout policy by configuring the “ Display a custom message when installation if prevented by a policy setting”. Situation #2 – Allow Only Trusted Devices More realistically, you will probably want to only allow your USB keys to be connected to your machine to transfer data at any time.
Therefore you would have to configure two policies. It would be prudent to prepare a list of all the keys you own that you will want to add to this policy. From within Windows 7, you will want to go to “Device Manager” (Windows Pearl –>Search Box –> devmgmt.msc –> Disk Drives) to find out the USB keys Hardware IDs.
You will want to find a string like the following: USBSTOR DiskKingstonDataTraveler_2.0PMAP Enter this information into the Group Policy Setting “ Allow installation of devices that match any of these device IDs” Within this policy you will want to set it to ENABLED, and then click on the “ Show” button to enter all of your USB keys hardware IDs that you gathered earlier. The other policy you will want to invoke will be the “ Prevent installation of devices not described by other policy settings” set to be ENABLED. Anime special a wikipedia. One thing to note here, if you had enabled “ Prevent installation of removable devices”, this policy setting will take precedence over all other policies configured, hence why it is important to configure the right policy for the right task.
To figure out the right version of Google Play Services for your Android. Am using android version 4.0.4 but its. Google play services apk 5. Google Services Framework 4.0.4-338691.apk. Consult our handy FAQ to see which download is right for you. Google Play services (Android TV). Download the latest version of Google Play services.APK file. Google Play Services by Google LLC Version: 12.8.74 (098136) (12874000) Last updated.
Run a gpupdate /force from an elevated command prompt and test out the USB lockout functionality. For further reading you can check out the following link also: Can This Apply To The Enterprise? You can control groups of machines and/or all machines connected to a Microsoft Active Directory domain through group policy. This is a topic I hope to expand on in a future post to discuss the operational guidance and some group policy design suggestions to help you effectively manage your machines.