Whitelist specific USB keys and block others











up vote
1
down vote

favorite












Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.



Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?










share|improve this question







New contributor




ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 3




    Write custom udev rules.
    – Ipor Sircer
    18 hours ago






  • 1




    You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
    – Seth
    18 hours ago










  • You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
    – Austin Hemmelgarn
    7 hours ago















up vote
1
down vote

favorite












Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.



Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?










share|improve this question







New contributor




ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 3




    Write custom udev rules.
    – Ipor Sircer
    18 hours ago






  • 1




    You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
    – Seth
    18 hours ago










  • You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
    – Austin Hemmelgarn
    7 hours ago













up vote
1
down vote

favorite









up vote
1
down vote

favorite











Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.



Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?










share|improve this question







New contributor




ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











Im looking for a solution to implement and easily manage USB white-listing in multiple countries.
We have restricted USB storage usage using group policies, as 99% of users don't need to use external storage, but we are having problem with 1% of users. This 1% uses specific USB keys, which contains e-signatures and other certificates issued by local government to access e-services (e.g. tax offices). We have no control over these storage's, but there's clear business requirement for them.



Anyone can suggest solution, how to white-list these different type of USB devices, while blocking others, keeping in mind, that we don't control them and they are different in each country?







group-policy usb-storage restrictions






share|improve this question







New contributor




ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 18 hours ago









ThatGuy

61




61




New contributor




ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






ThatGuy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 3




    Write custom udev rules.
    – Ipor Sircer
    18 hours ago






  • 1




    You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
    – Seth
    18 hours ago










  • You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
    – Austin Hemmelgarn
    7 hours ago














  • 3




    Write custom udev rules.
    – Ipor Sircer
    18 hours ago






  • 1




    You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
    – Seth
    18 hours ago










  • You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
    – Austin Hemmelgarn
    7 hours ago








3




3




Write custom udev rules.
– Ipor Sircer
18 hours ago




Write custom udev rules.
– Ipor Sircer
18 hours ago




1




1




You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago




You will have to get device IDs or similar for those devices as otherwise you will not be able to whitelist individual devices. Some of them might be an independent class.
– Seth
18 hours ago












You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago




You can't do this reliably, because it's actually pretty trivial to fake USB ID's (you can do it with about 20 USD of hardware and a few hundred lines of code.
– Austin Hemmelgarn
7 hours ago















active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.










 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1374957%2fwhitelist-specific-usb-keys-and-block-others%23new-answer', 'question_page');
}
);

Post as a guest





































active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes








ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.










 

draft saved


draft discarded


















ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.













ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.












ThatGuy is a new contributor. Be nice, and check out our Code of Conduct.















 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1374957%2fwhitelist-specific-usb-keys-and-block-others%23new-answer', 'question_page');
}
);

Post as a guest




















































































Popular posts from this blog

Сан-Квентин

8-я гвардейская общевойсковая армия

Алькесар