Greetings,
We are running Windows 2008 Server Standard 32 bit as a Domain Controller.
We have implemented group policy to block USB & CD Drive access.
Group Policy performs the following on client machines :-
1. Rename C:\windows\inf\usbstor.inf to disabled.usbstor.inf
2. Rename C:\windows\inf\usbstor.pnf to disabled.usbstor.pnf
3. Set Start value = 4 in Registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
4. Set Start value = 4 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom
To enable USB manually we perform following on client machines :-
1. Rename C:\windows\inf\disabled.usbstor.inf to usbstor.inf
2. Rename C:\windows\inf\disabled.usbstor.pnf to usbstor.pnf
3. Set Start = 3 in Registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
4. Set Start value = 1 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom
Issue:-
If we perform above steps to enable USB or CD ROM manually.
Both USB & CD ROM displays "Access is denied"(Please refer to images attached below)
Observation:-
- We have even tested the same with Domain Admin's account still the issue exists.
- The above scenario works fine with DC (Windows Server 2003 & Windows Server 2012)
- As we remove PC from Domain to Workgroup, CD ROM & Flash Drives start to work again.
Please advise.
Thanks
Regards,
S. Soheb Akhtar