WinSecWiki
Windows Security Settings
Articles
WinSecWiki
»
Windows Security Settings
»
Local Policies
»
Security Options
»
Devices: Allowed to format and eject removable media
Devices: Allowed to format and eject removable media
Devices: Allowed to format and eject removable media
Like the previous setting this one is somewhat laughable as well.
You can limit this policy to 1 of 3 choices
Administrators
Administrators and Power Users
Administrators and Interactive Users
The idea of the setting is to protect against users (aka losers?) trying to move data to removable media for subsequent nefarious purposes. The first problem though has to do with how such devices normally work: MS’s Threats and Countermeasures document acknowledges “the fact that most removable storage devices will eject media by pressing a mechanical button diminishes the advantage of this policy setting.”
In addition, this policy apparently only applies to NTFS formatted removable media.
Finally, how hard would it be to tear off the cover of the device and yank out the disk or tape?
Bottom line
Again, don’t sweat this setting and move on.
Add Your Comments
Name:
*
Email Address:
Web Address:
Verification Code:
*
Details
Article not rated yet.
Article has been viewed 1,890 times.
Options
Bookmark Article
Social Bookmarks
Comments RSS
Upcoming Webinars
Additional Resources
Security Log Quick Reference Chart
Security Log Resource Kit
Learn about the SharePoint Audit Log
Patch Tuesday Analysis
Workstation Configuration Management
Home
>
Windows
>
WinSecWiki
User name:
Password:
/
Forgot?
Register
Home