Ben, I was working in a secure govt. facility, and what we did was disable write access to the drives. Don't ask me how the Network Admins did it, though.
Another thing to turn your hair white and pull it out - what about those USB storage devices? How are you going to keep *them* from being written to or read from? It used to give me nightmares, since the devices are small and easily fit into a pocket or other small area... Steve Egan (temp) Systems/Neetwork engineer Purcell Systems desk: 509 755-0341 x 110 cell: 509 893-0751 fax: 509 755-0345 ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN Sent: Wednesday, December 13, 2006 7:36 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Lockdown CD-ROM access for some I have been given a task for our secured environments (by secured, I mean government clearances required) to develop a means to lock down access to the CDROM drive at a user based level. They want most users to be restricted from using the CDROM drives in anyway, but allow a certain security group the ability to have full use of their CDROM drives. As far as I can tell, there is not a group policy that allows for this type of granular lockdown of the devices. Any suggestions on how to best tackle this? Information simply cannot leave these secured environments, and they no longer want users to have unfettered access to CD/DVD burners. The drive letter of the CD drives may not always be the same, in fact some machine's drive letters may vary wildly. Thanks, ~Ben
