Need to block USB devices? In this article you will learn how to block USB drives with Active Directory Group Policy Objects (GPO). We will also compare using a GPO vs dedicated device control software for enforcing your removable media control policies.
AccessPatrol is a device control software solution for preventing data loss to portable storage devices. In this video CurrentWare’s managing director Neel Lukka provides an overview of the features available in AccessPatrol.
🔒 Block USB flash drives, external hard drives, and other peripheral devices
🔒 Monitor USB activities including file transfers and what devices have been used
🔒 Get DLP alerts sent to your inbox when high-risk USB activities occur
AccessPatrol’s security policies are enforced by a software agent that is installed on your employees’ computers. This keeps devices restricted and monitored even when the computers are taken off of the network.
AccessPatrol can block or limit the use of more than just USB storage devices. For full USB control, device permissions can be easily configured based on computer, user, or workgroup.
Device Class | Devices | Access Permissions |
---|---|---|
Storage Devices | USB | Full / Read only / No access |
Storage Devices | DVD / CD | Full / Read only / No access |
Storage Devices | Floppy | Full / Read only / No access |
Storage Devices | Tape | Full / Read only / No access |
Storage Devices | External Hard drive | Full / Read only / No access |
Storage Devices | Firewire | Full / Read only / No access |
Storage Devices | SD Card | Full / Read only / No access |
Storage Devices | MM Card | Full / Read only / No access |
Wireless Devices | Bluetooth | Full / Audio Only / No access |
Wireless Devices | Infrared | Full / No access |
Wireless Devices | Wifi | Full / No access |
Communication Ports | Serial | Full / No access |
Communication Ports | Parallel | Full / No access |
Imaging Devices | Scanners | Full / No access |
Imaging Devices | Cameras, Webcams & Others | Full / No access |
Others | Printers | Full / No access |
Others | USB Ethernet Adapter | Full / No access |
Others | Sound Cards | Full / No access |
Others | Portable Devices (iPhones, Mobiles) | Full / No access |
Others | Network Share | Full / No access |
With AccessPatrol, blocking USB devices is as simple as a few clicks.
Create a group policy object to store the policy you wish to impose in your domain.
With AccessPatrol, blocking specific USB devices is as simple as a few clicks.
With AccessPatrol’s Allowed List you can block USB devices and other peripherals while allowing specific authorized removable media devices.
Administrators can use AccessPatrol’s Device Allowed List to establish a list of devices that their end-users can use on company devices, even when USB ports are disabled.
You can choose to allow devices by the following identifiers:
Device whitelisting is configured on a per-folder basis. Devices that are added to the allowed list for a given folder are allowed on any computers that are in that folder. AccessPatrol’s allowed list supports USBs, External Hard drives, Imaging devices, and portable devices.
Note: Allowing a device by serial number is fully compatible with Windows 10. For Windows 7 or 8, some newer models of USB devices may not support this feature. Instead of allowing by serial number, it will allow all devices from the same vendor and model.
NOTE: This feature doesn’t work in N editions of Windows 10 Pro.
AccessPatrol allows you to prevent specific files from being transferred to external devices based on their filename or file extension.
This feature is not available in Group Policy.
Hey everyone, this is Dale here. I am the Digital Marketing Manager for CurrentWare.
In today’s video, I’d like to show off the new USB activity dashboards introduced to AccessPatrol in version 7.0.
These dashboards provide a convenient overview of the peripheral device usage of your entire workforce as well as specific groups or users—all from the convenience of a web browser.
They work in tandem with AccessPatrol’s device control features and USB activity reports to protect sensitive data against the security risks of portable storage devices.
Today’s video is just a sneak peek of what AccessPatrol is capable of; as time goes on you can expect to see further enhancements and data points added to these dashboards.
At this time, AccessPatrol can track activities from the following peripherals:
This device usage data is used to populate various graphs across AccessPatrol’s dashboards. You can further refine how granular this data is by limiting the time frame, selecting only specific groups, and even investigating individual users.
Having these metrics available at a glance makes detecting potential insider threats far more efficient as your organization scales.
Any groups or users that need to be reviewed further can be investigated using the more granular dashboards and AccessPatrol’s device activity reports.
For a more proactive approach to insider threat management you can set up targeted alerts that will notify designated staff members when these high-risk activities occur.
For the most up-to-date information on AccessPatrol’s activity tracking and data loss prevention capabilities, visit our knowledge base at CurrentWare.com/Support or visit the AccessPatrol product page at CurrentWare.com/AccessPatrol
In the overview dashboard you can review the following metrics:
Moving on to the Files Dashboard you will see…
Finally, we have the Devices Dashboard.
In this dashboard, we have…
As you can see, we have specific users that are repeatedly trying to use devices that have not been approved for use by the organization.
While this could just be an accidental oversight on the user’s part, there’s a risk that it’s something much more serious.
For example, what if this is actually a disgruntled employee trying to steal trade secrets or sensitive customer data so they can bring it to a competitor, or worse, sell it to cybercriminals on the dark web?
Between the costs associated with a damaged reputation, fines, loss of competitive advantage, and remediation, a data breach like this could completely ruin a company.
Before we confront this employee or send them for retraining, let’s investigate this incident further so we can make an informed decision.
Clicking on this user, we’ll be taken to a dashboard that focuses exclusively on their activity.
Looking at the Devices graph we can see that they have made multiple attempts to use blocked devices.
Scrolling down, we can see that they’ve been trying to use unauthorized portable storage devices.
Since AccessPatrol is currently blocking any devices that are not explicitly allowed, I know that the only way sensitive data is leaving through a USB drive is if it’s a device that we’ve allowed before. So, let’s take a closer look at how they’ve been using their approved devices.
As you can see here, the types of files that they are transferring are more than capable of containing sensitive data; let’s take a look at the file names for more details.
With the Activity Log we can use the filters, sorting, and column options to isolate our view to the entries we’re the most interested in.
Once we find something that looks off, we have more than enough information to confront this employee and take any necessary corrective actions.
Ready to protect your sensitive data against theft to USB portable storage devices? Block and monitor peripheral device usage today with a free trial of AccessPatrol, CurrentWare’s USB control software.
Simply visit CurrentWare.com/Download to get started instantly, or get in touch with us at CurrentWare.com/Contact to book a demo with one of our team members. See you next time!
Microsoft has released instructions on how to monitor the use of removable storage devices with Group Policy.
If you configure this policy setting, an audit event is generated each time a user attempts to copy, move, or save a resource to a removable storage device.
Auditing USB device usage in this way involves manually combing through event logs in search of specific event IDs, such as event 4663, which logs successful attempts to write to or read from a removable storage device.
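The manual search for event 4663 described above can be scripted. The following PowerShell is an added example, not code from this article, Microsoft or CurrentWare: it turns the XML of each event into one row per access and flags writes. The function names, the sample event and the English task category name "Removable Storage" are assumptions.

```powershell
# Added example. Turns the XML of a Security-log event 4663 into one row per access.
function ConvertFrom-RemovableStorageEvent {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # EventData is a flat list of <Data Name="...">value</Data>; index it by name.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # AccessMask is a hex bit field: 0x1 = ReadData, 0x2 = WriteData (file objects).
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        [pscustomobject]@{
            Time    = $evt.System.TimeCreated.SystemTime
            User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Object  = $data['ObjectName']
            Process = $data['ProcessName']
            IsWrite = [bool]($mask -band 0x2)
        }
    }
}

# Live query (elevated prompt). Event 4663 is also raised by ordinary file-system
# auditing, so filter on the task category. Assumes an English host, where the
# audit subcategory appears as "Removable Storage".
function Get-RemovableStorageWrite {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
        Where-Object TaskDisplayName -eq 'Removable Storage' |
        ForEach-Object { $_.ToXml() } |
        ConvertFrom-RemovableStorageEvent |
        Where-Object IsWrite |
        Group-Object User, Object |
        Sort-Object Count -Descending
}

# Constructed sample event, trimmed to the fields used above (not real log data).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4663</EventID><TimeCreated SystemTime="2024-01-15T09:30:00.0000000Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="ObjectName">\Device\HarddiskVolume5\report.xlsx</Data>
    <Data Name="ProcessName">C:\Windows\explorer.exe</Data>
    <Data Name="AccessMask">0x2</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-RemovableStorageEvent
```

Running the script prints the parsed sample row; call `Get-RemovableStorageWrite` on an audited machine to list the files each user wrote to removable storage, most frequent first.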
AccessPatrol can grant temporary access to blocked devices using its access code generator.
Administrators and authorized managers can use the generator to produce a single-use code that provides users with a set duration where the computer’s USB ports are no longer disabled by AccessPatrol.
The access code is unique to each computer that you generate for and the computers do not need to be connected to the internet to use it. So long as the CurrentWare client is installed on the employee’s computer they can be provided with temporary access to USB devices.
Group Policy does not support temporarily bypassing GPOs for a set period of time.
To temporarily allow access to USB devices you will need to manually disable the GPO and manually re-enable it when the end-user no longer requires access to USB devices.
To do this, open the Group Policy Management Console (GPMC), right-click the USB blocking GPO under the OU and uncheck the option “Link Enabled”.
To re-enable the GPO, simply repeat the process and recheck “Link Enabled”.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
Although applying group policies is a viable way to control the use of USB storage devices in an organization, there are disadvantages that should not go unnoticed. Here are some of the pitfalls of using GPOs that you will want to consider before depending on them for data security in your organization.
Using the Group Policy Object Editor to manage USB security policies can be overwhelming for those without a background in Active Directory and Group Policy management. From an organizational standpoint, the time and expertise needed to administer and modify USB restriction policies in this way might not be readily available. The complexity of GPOs is further compounded when it comes to applying unique USB restrictions to different departments, computers, and users in your organization.
With AccessPatrol, blocking USB devices is as easy as a few clicks. The time savings from not having to manually create and manage GPOs allows IT pros to focus their time on higher value tasks. Should USB restriction policies need an update, the task can be readily delegated to someone with access to an authorized (and uniquely restricted) Operator account.
Group Policy Objects have mandatory updates that regularly occur at a set interval or when a PC is rebooted. You can modify the length of time between updates; however, misconfigurations will bog down your network with an abundance of traffic.
With CurrentWare’s lightweight server and client your AccessPatrol USB security policies will seamlessly update without hogging bandwidth and system resources.
Group Policy only supports domain-joined machines in a traditional Active Directory environment. In mixed environments where IT pros need to manage both domain-joined and non-domain-joined machines, having AccessPatrol as a dedicated USB control software provides critical security controls for all of their managed devices.
Ready to take back control over USB device usage in your organization? Get started today with a FREE trial of AccessPatrol, CurrentWare’s device control software.