Hi Crowd,
I'm having a problem with group policy that's been driving me nuts for about a month now.
I need to limit write access to removable media.
Due to the layout of our network, I have multiple sites. Site A has computers that are connected to the internet, site B has computers that are not connected to the internet. Each site has a DC. I'm focusing on Site A for now.
I created two group policies:
"Removable Read Only" Has all "Deny write access" group policy objects ENABLED.
"Removable Read and Write" has all "Deny write access" group policy objects DISABLED.
I have created an OU (Lets call it "A Computers"), and added Site A's computers to it. I linked the two group policies I created to the "A computers" OU. I set the scope on "Removable Read" to "Authenticated Users".
I set the scope on "Removable Read and Write" to the "Transfer Agents" group.
Now when I login to a workstation, and run GPresult /v as one of the transfer agent users, it is reporting that the policies were applied, but it is not letting me write to media. (Im testing with USB flash drives)
Upon further investigation, gpresult reports that the "Removable Read and Write" policy has Deny_Write ENABLED!.
What am I missing? I honestly could have sworn this was working one day, and not the next. I tested so many different combinations of group policies, and this one seemed to work, then stop.
Someone please help me before I loose the rest of my hair!
Thanks!!