"Just a blog for bits and pieces of Messaging, Mobility, Collaboration and IT Virtualization Technologies"

Sunday, August 12, 2007

How to Deny write access to USB mass storage devices?

As described in my previous post on disabling USB mass storage, this option is for the exceptional case where you need to allow USB mass storage for specific remote users. Below is a simple approach to deny write access to USB mass storage.
To prevent users from being able to write to USB disks follow these steps:

1. Open Registry Editor.

2. In Registry Editor, navigate to the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies
Note: This key might not exist. In that case simply create it as a new key under the parent key.

3. Right Click and Create the following value (DWORD):
WriteProtect
and give it a value of 1.

Note: As always, before making changes to your registry, make sure you have a valid backup. Where you are supposed to delete or modify keys or values in the registry, you can first export that key or value(s) to a .REG file before performing the changes.

4. Close Registry Editor.
Done!

Note: When you try to write something to any USB disk, you'll get the following error: “Media Write Protected”

Saturday, August 11, 2007

A method to find IS Maintenance calculation from ADSIEDIT?

How to find the IS Maintenance calculation from ADSIEDIT?

In Exchange 2003, by default, the value is available in hexadecimal, decimal, octet and binary form. The hexadecimal output looks like this:

00 07 ff ff f0 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff ff f0 00 00 00 00 00 00 00

NOTE: I have formatted the schedule above so that every row represents a day of the week. The first row is Sunday, followed by Monday and so forth, and the last row is Saturday. Each row contains 12 entries of 2 hex digits each. Every single digit in the sequence represents one hour. Therefore, every row represents a 24-hour period.

The schedule above is in GMT time zone, and you can read it this way:

Since the data is a bit stream, you can represent the first row as this sequence: 0 0 0 7 f f f f f 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0. Every hex digit in the sequence represents an hour, and each of its four bits represents 15 minutes. So in this example, maintenance is off for the first three hours. Now, 0x7 is 0111 in binary, which means that 3:00am is off, and 3:15am, 3:30am and 3:45am are on. 0xF is 1111, which means the entire hour is on. Again, in this example, we get that 8am is on, 9am is off. So the schedule is 3:15am - 9am GMT. The data is in the GMT time zone, so we have to convert it into the local time zone.
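The decoding rule above, written out as an added Python example (not part of the original post). The names `decode_schedule` and `utc_offset_minutes` are hypothetical; the sample is the hexadecimal value shown above, and the optional offset performs the GMT-to-local conversion. A window that crosses the Saturday/Sunday boundary is reported as two windows.

```python
DAYS = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]
SLOTS_PER_DAY = 24 * 4              # one bit per 15 minutes
SLOTS_PER_WEEK = 7 * SLOTS_PER_DAY  # 672 bits = 84 bytes

# The hexadecimal value from the post, one row per day (Sunday first).
SAMPLE = """
00 07 ff ff f0 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff f0 00 00 00 00 00 00 00 00
00 07 ff ff f0 00 00 00 00 00 00 00
"""

def _label(slot):
    """Turn a quarter-hour slot index into 'Day HH:MM'."""
    day = DAYS[(slot // SLOTS_PER_DAY) % 7]
    minutes = (slot % SLOTS_PER_DAY) * 15
    return f"{day} {minutes // 60:02d}:{minutes % 60:02d}"

def decode_schedule(hex_text, utc_offset_minutes=0):
    """Return maintenance windows as (start, end) labels; end is exclusive."""
    raw = bytes.fromhex("".join(hex_text.split()))
    if len(raw) * 8 != SLOTS_PER_WEEK:
        raise ValueError(f"expected 84 bytes, got {len(raw)}")
    if utc_offset_minutes % 15:
        raise ValueError("offset must be a multiple of 15 minutes")
    # Most significant bit first: 0x7 = 0111 means :00 off, :15/:30/:45 on.
    bits = [(b >> (7 - i)) & 1 for b in raw for i in range(8)]
    # Rotate the week so slot i is local time (local = GMT + offset).
    shift = utc_offset_minutes // 15
    local = [bits[(i - shift) % SLOTS_PER_WEEK] for i in range(SLOTS_PER_WEEK)]
    windows, start = [], None
    for i, on in enumerate(local + [0]):  # trailing 0 closes a final window
        if on and start is None:
            start = i
        elif not on and start is not None:
            windows.append((_label(start), _label(i)))
            start = None
    return windows

if __name__ == "__main__":
    for begin, end in decode_schedule(SAMPLE):
        print(begin, "->", end, "GMT")
```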

How to disable only USB Mass storage on Microsoft OS

Folks, let's keep our heads up for security audits. However, disabling the USB ports entirely doesn't make sense, since USB is the universal port for connecting hardware accessories such as mice, modems, digital cameras, etc.

Hence the feasible option is to disable only USB mass storage on desktops through an AD GPO. Below are the steps, which will allow you to enable or disable the use of USB mass storage devices.

I have tested this in Windows 2003 Server (my virtual server) and it seems to work well. It does not disable other USB devices, like USB keyboards, mice, etc., so it is a better solution than just disabling USB ports altogether.

Reference articles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
http://support.microsoft.com/default.aspx?scid=kb;en-us;555324

Plan Of Action:
1.) Copy the following text and paste it into a text document. Then, save it as USBSTOR.ADM

CLASS MACHINE
CATEGORY "Custom Policies"
KEYNAME "SYSTEM\CurrentControlSet\Services\UsbStor"
POLICY "USB Mass Storage Installation"
EXPLAIN "When this policy is enabled, USB mass storage device permissions can be changed by using the drop down box.\n\nSelecting 'Grant Permission' will allow USB mass storage devices to be installed. Selecting 'Deny Permission' will prohibit the installation of USB mass storage devices.\n\nIF REMOVING THIS POLICY: Reset to original setting and let policy propagate before deleting policy."
PART "Change Settings:" DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME "Grant Permission" VALUE NUMERIC 3 DEFAULT
NAME "Deny Permission" VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
END CATEGORY


2.) Open a group policy management console (gpedit.msc), and right click on "administrative templates" under "Computer Configuration". Select "Add/Remove Templates".

3.) Browse to the text document you just saved and click OK. You'll now see "Custom Policies" under "Administrative Templates". Right click on it, select "View", then select "Filtering". Uncheck the bottom box, labeled "Only show policy settings that can be fully managed".

4.) Click OK. Now you'll see the USB policy available for use under the custom policy heading. From there, you can enable or disable it just like any other policy.

Note: This is applicable to all versions of Win2000, XP, 2003 & Vista.
If you need the ready ADM template, please feel free to mail me at lijin_l@hotmail.com.
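To check which machines actually picked up the UsbStor "Start" policy above or the WriteProtect value from the write-access post, the following added Python example (not from the original posts) classifies a host from the decoded text of a .REG export. The function names and the sample exports are constructed for illustration; regedit normally writes exports as UTF-16, so decode the file before passing its text in.

```python
import re

USBSTOR = r"system\currentcontrolset\services\usbstor"
POLICIES = r"system\currentcontrolset\control\storagedevicepolicies"

def parse_reg_dwords(text):
    """Map (HKLM key path, value name), both lowercased, to DWORD data."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = re.fullmatch(r"\[HKEY_LOCAL_MACHINE\\(.+)\]", line, re.I)
            key = m.group(1).lower() if m else None  # skip other hives
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-f]{8})', line, re.I)
        if m and key is not None:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def usb_storage_state(reg_text):
    """Classify a host as 'blocked', 'read-only' or 'read-write'."""
    v = parse_reg_dwords(reg_text)
    if v.get((USBSTOR, "start")) == 4:          # "Deny Permission" in the ADM
        return "blocked"
    if v.get((POLICIES, "writeprotect")) == 1:  # key may not exist at all
        return "read-only"
    return "read-write"

# Constructed sample exports (not captured from real machines).
HEADER = "Windows Registry Editor Version 5.00\n\n"
DENIED = HEADER + r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004
"""
READ_ONLY = HEADER + r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000001
"""
UNRESTRICTED = HEADER + r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003
"""

if __name__ == "__main__":
    for name, text in [("denied", DENIED), ("read_only", READ_ONLY),
                       ("unrestricted", UNRESTRICTED)]:
        print(name, "->", usb_storage_state(text))
```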

How can I know what programs are running in another machine in the same network? Is there any software to run locally for monitoring other machines?

How can I know what programs are running in another machine in the same network? Is there any software to run it locally for monitoring other machines? Does Ethereal do this work?
There are actually a few tools that may allow you to see what processes are running remotely on another machine. All of these tools require at one point or another to have authorized administrative rights to the machine. Many companies use this technology to administer servers and help troubleshoot desktop issues remotely.
The first tool that comes to mind is SNMP. Mostly because there are so many tools out there that will allow you to report upon processes running on a machine if you have SNMP access to it. There are a lot of freeware, shareware, and commercial products that will utilize the flexibility of SNMP to manage servers in this capacity. The only requirement is that you have access to the device and it is SNMP-enabled. Do a quick search for server management SNMP on Google to find a list of products available.

Below are a few recommended open source and freeware tools:
• Nagios
• HP SIM
• Big Brother
• MRTG

Depending on the operating system and platform, there are numerous remote management tools that will allow you to identify what processes are running on a client's workstation. Administration tools and resource kits (look at pstools) for Windows Operating Systems give you the ability through the Windows Management interface to connect via RPC to a client's workstation that you have administrative rights to. Similar functions exist for Unix and Linux platforms as well. They will list the processes in use, CPU, memory, and other diagnostic information for the device selected.
Unfortunately, Ethereal doesn't really give you this same information. Ethereal will certainly allow you to see the traffic passing through a device from one machine to the other off of a port mirror or capture on a host. But it won't tell you the actual processes that are running if it is not a network-based process. For things like HTTP, DNS, DHCP requests, Ethereal will give you insight into those transactions. It is great at telling you what your packet level transactions are like for those various network services. Issuing the netstat command will also reveal information about the processes that have network connections to other hosts on the network. Using this information will allow you to troubleshoot issues regarding network connection problems. There are also several freeware tools out there that I will use for troubleshooting networking issues on a host like qCheck and TCPView.

For your notice:

The information in this blog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion. Inappropriate comments will be deleted at the author's discretion. Thank you, Happy Reading!
