USB Policy removal

Ibm / Xseries
March 20, 2009 at 22:35:41
Specs: Windows 2003, 1 Gb
hi all,

I had implemented a group policy for Blocking the USB. I had downloaded a template from a link.

Steps : i'ad done

1) Intially i tried to implement with an ou but it had failed.

2)i had installed GPMC

3) From GPMC i tried to implement for the whole domain.My bad luck it was succesfull. Finally client PC was given with read access to the USB and the Write access was denied.

4)after couple of days i thought to block entire USB access.so i manually deleted the Group Policy that i mentioned in step 3.

5)after deleting GP still now i could able to read the USB but write access was denied.I have been trying to fix it up for more than a week but i couldn't. Could some one guide me where i had done the mistake.

Regards

G Baranidharan


See More: USB Policy removal

Report •


#1
March 22, 2009 at 00:20:16
Since you were using GPMC, I assume that this is a domain setup and that you were applying the GPO from a domain controller?

If so, you should have added the GPO as an additional GPO to the domain and did not modify the default GPO.

To correctly remove the GPO, you should have fully disabled the GPO, then ran gpupdate /force on the client machine to ensure that the GP was disabled.

There is a tool to restore the default domain GPO, but I need to know what OS the server is running in order to provide you with the proper commands.

Please let me know if you have any questions.


------
MOS Master Certified
MCP Certified
CCNA Certificate Pending
A+ Certificate Pending

"I have gone to find myself. If I get back before I return, please tell myself to wait." :


Report •

#2
March 23, 2009 at 01:23:51
Thanks for Worthy acknowledgment.As you said i had implemented from Domain controller.

I'm making use of Windows 2003.

Since new to the server concept, I have one more question towards you.

Where could i find the attach.txt log files in my server....

Kindly help me out to fix the problem.

Thanks and Regards

G Baranidharan



Report •

#3
March 23, 2009 at 07:43:26
You will not find the attach.txt log on the server. I accidentally sent you a PM that I meant to send to another user that I am helping with a malware infection.

As for your issue, try doing the following.

1. Make sure that the GPO that you created is gone, or at least disabled. Ensure that it is not linked to any domains or OU.

2. Run DCGPOFIX from the command line.

3. Run GPUPDATE /FORCE from the client machine.

This will restore the default domain GPO.

CAUTION

This tool can restore default domain policy and default domain controllers policy to their original state after installation. When you run dcgpofix, you will lose any changes made to these Group Policy objects.
By specifying the /ignoreschema parameter, you can enable Dcgpofix.exe to work with different versions of Active Directory. However, default policy objects might not be restored to their original state. To ensure compatibility, use the version of Dcgpofix.exe that is installed with the current operating system.

You can find more information about using this tool Here.

Please let me know if this solved your problem or if you have any other questions.


------
MOS Master Certified
MCP Certified
CCNA Certificate Pending
A+ Certificate Pending

"I have gone to find myself. If I get back before I return, please tell myself to wait." :


Report •

Related Solutions


Ask Question