|
|
Welcome to the Exploding Garrmondo Weiner Interactive Swiss Army Penis. |
GFF is a community of gaming and music enthusiasts. We have a team of dedicated moderators, constant member-organized activities, and plenty of custom features, including our unique journal system. If this is your first visit, be sure to check out the FAQ or our GFWiki. You will have to register before you can post. Membership is completely free (and gets rid of the pesky advertisement unit underneath this message).
|
|
Thread Tools |
Preventing people from using own USB sticks?
Hi
I have a question. How do I prevent people from using their own USB sticks in a computer lab? USB nowadays are getting large in terms of storage and many portable softwares are out there. I think you can even run operative systems on memory sticks. I've heard about PCs using USBs with specific softwares installed in order to login and use the PC. Are these USB specific to the PC or is it just the software that is installed on the USB that makes the USB unique? If so, where can I buy these USBs...? Jam it back in, in the dark.
Thanks to Fjordor for the funny image!
|
I'd figure they would just buy a huge flash card (8 gigs +) and install Linux on it. The only one I'm familiar with that you could install on a flash card would be Slax Linux.
There's nowhere I can't reach. |
The company I used to work for had something set up whereby you could only use the company's USB sticks on company computers but I'm afraid I have no idea how they did it.
I don't understand much of it but this article might be of some help to you. This thing is sticky, and I don't like it. I don't appreciate it. |
I'll take a look at it.
Thank you I am a dolphin, do you want me on your body?
Thanks to Fjordor for the funny image!
|
Here is an alternate link
Disable USB Disks with GPO If you're on Windows Vista, your job is considerably easier, it seems. I was speaking idiomatically. |
I do want the users to be able to use USB, but not their own
What kind of toxic man-thing is happening now?
Thanks to Fjordor for the funny image!
|
Chocorific |
You would need some authentification between the stick and the operating system.
Since the stick is a totally passive device I doubt it will be that easy. Let's see: the only way you can do auth is putting some files on the stick and maybe fiddle around with the device identification values (vendor, product id, etc.). All of this is clonable. You can copy files and filesystem on the stick and you can probably also clone the indent vals (e.g. by getting an identical stick). So nothing of this is particularly safe. You could get some custom-made USB sticks which contain auth hw, and only let you access the data storage after auth is completed. That's of course not going to work with regular sticks you use to buy That's probably what Shin's company did. However I see more problems coming when implementing this. First of all you can't have identical auth data on all devices, since you want to precisely enable/disable devices when a stick gets e.g. lost. Disabling all devices isn't an option... at least if we're talking about a bigger amount of sticks. Then you need to distribute auth data to the clients (the machines that should accept the stick) safely, plus avoiding that anyone toys around with the auth data on their machine. That's a whole bunch of non-trivial problems... Most amazing jew boots |
Against a concerted employee who's willing to do the research, its near impossible to completely limit access to USB devices, as they've got the hardware, which is a huge disadvantage. At best, you can make it difficult for them to do so, and make the costs outweigh the rewards only for those who have an extreme need.
With custom hardware you could probably assign hardware bits with a hash pattern. It would be repeatable and you would be able to disable selected values out of the hash through administrator pushed updates. However, a determined person with access to several USB devices could probably figure out the pattern. They could also use easier methods like just getting around the administrative privileges on the system itself and disabling the lockout. You could also have handshake software installed on both, as has been mentioned, which would serve a similar function, but with a few read only files. Again, similar problem that they have access to the hardware, and there are known attacks for most major OS' to enable admin access. Also, why only company USB devices? Is this to avoid something like USB data theft? What, you don't want my bikini-clad body? |
Cannot let prisoners bring their own USB sticks
Hmm...seems like this USB situation is more difficult than I thought. Maybe its best to disable all use of USB ports. Jam it back in, in the dark.
Thanks to Fjordor for the funny image!
|
Prisoners?
Okay, so what specifically is your situation? Do you have a kiosk or something which prisoners can access? Why do they need to access said computer, and what kind of information do you have on that computer that they shouldn't be able to download? Or, do you just want to prevent them from running programs on USB disks? How ya doing, buddy? |
They might get laptops in their cells. Must first prevent them from running programs on USB sticks.
This thing is sticky, and I don't like it. I don't appreciate it.
Thanks to Fjordor for the funny image!
|
I didn't read the first post carefully. Most amazing jew boots |
Gaming, just lock down the computer something fierce so that they can only run programs that are authorized...
How ya doing, buddy? |
At the moment, I'm just looking for ideas and suggestions to see what's best to do.
What kind of toxic man-thing is happening now?
Thanks to Fjordor for the funny image!
|
That would be my suggestion then. Restrict the prisoners from running all programs except for a list of already vetted applications. This can be done using Group Policies, and is more painless than trying to prevent them from using unauthorized USB sticks.
This Tom's Hardware post refers to Windows 2000, but you should be able to pull it off in XP and Vista as well: Prevent Running of Unauthorized Program via GPO FELIPE NO |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Why not legalize prostitution? | Divest | Political Palace | 365 | Jul 28, 2009 05:00 AM |
Expressing feelings about certain people or issues through art | Lizardcommando | The Quiet Place | 2 | Nov 8, 2007 10:04 AM |
Religion: What it means to you | I poked it and it made a sad sound | The Quiet Place | 833 | Nov 7, 2007 07:47 PM |