Jump to content

Allow restricted users to install USB drives

Jason P

By Jason P
in Windows XP

 Share

Recommended Posts

Jason P

Jason P

Posted
Posted

I work for a University and we have some workstations that allow students to work on papers, presentations, ect. Well the users log in with their AD credentials, but they are severely restricted users for security reasons.

When a student plugs in their USB drive it wants to find the drives for that device. Well since the users are severely restricted they are not allowed to install new devices. Does anyone know of a way that I can allow the students to use their USB drives but still keep the workstations secure? All of the PCs are running WinXP. Thanks!!


cluberti

cluberti

Posted
Posted

The users will need to be admins if they are going to install drivers for devices that don't have signed drivers. The inbox USB drivers are obviously signed, so allowing the Load and Unload device drivers right shouldn't affect this. When you plug in a USB device as an admin and it installs, check the device in device manager (specifically the driver) to see if it is signed or not.

Note that there's no way around this, either, as the machine does an ACL check on your account (not your account's rights) to determine whether or not you can install drivers that are either non PNP and/or not signed. If it's not signed, you're SOL. If it's not PNP, it checks the Load and Unload device drivers right in GP. However, if it's a PNP driver but not signed, only admins can install those.

mikesw

mikesw

Posted
Posted

It gets worse when you install a Sandisk with U3 support!

The reason is because not only are drivers having to be loaded, but U3 "launch"

is considered an application. Most admins prevent one from running apps right

off a flash disk (in the old days it was floppies). The reason to restrict apps running

is software not being under control of the admin, or windows. Hence one could

run virus , malware and other stuff without control.

A public library I went to not only wouldn't recognize the Sandisk, but wouldn't install

U3 software for the few PC's that for some reason would recognize the disk (admin screwup I guess).

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...