Whitelist specific USB keys and block others
up vote
1
down vote
favorite
Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.
Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?
group-policy usb-storage restrictions
asked 18 hours ago
ThatGuy
61
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
up vote
1
down vote
favorite
Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.
Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?
group-policy usb-storage restrictions
asked 18 hours ago
ThatGuy
61
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
3
Write custom udev rules.
– Ipor Sircer
18 hours ago
1
You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago
You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.
Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?
group-policy usb-storage restrictions
asked 18 hours ago
ThatGuy
61
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.
Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?
group-policy usb-storage restrictions
group-policy usb-storage restrictions
asked 18 hours ago
ThatGuy
61
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 18 hours ago
ThatGuy
61
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 18 hours ago
ThatGuy
61
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 18 hours ago
ThatGuy
61
asked 18 hours ago
ThatGuy
61
61
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
3
Write custom udev rules.
– Ipor Sircer
18 hours ago
1
You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago
You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago
add a comment |
3
Write custom udev rules.
– Ipor Sircer
18 hours ago
1
You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago
You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago
3
3
Write custom udev rules.
– Ipor Sircer
18 hours ago
Write custom udev rules.
– Ipor Sircer
18 hours ago
1
1
You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago
You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago
You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago
You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.
ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.
ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.
ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1374957%2fwhitelist-specific-usb-keys-and-block-others%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
3
Write custom udev rules.
– Ipor Sircer
18 hours ago
1
You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago
You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago