Wednesday, November 21, 2012

Step-By-Step Guide to Controlling Device Installation Using Group Policy

Summary: By using the Windows Server 2008 and Windows Vista operating systems, administrators can determine what devices can be installed on computers they manage. The guide summarizes the device installation process and demonstrates several techniques for controlling device installation. (34 printed pages.)

Contents

Introduction
   Who Should Use This Guide?
   Benefits of Controlling Device Installation Using Group Policy
Scenario Overview
Technology Review
   Device Installation in Windows
   Group Policy Settings for Device Installation
   Group Policy settings for Removable Storage Access
Requirements for completing the scenarios
   Prerequisite Procedures
Prevent installation of all devices
   Prerequisites for preventing installation of all devices
   Steps for preventing installation of all devices
Allow users to install only authorized devices
   Prerequisites for allowing users to install only authorized devices
   Steps for allowing users to install only authorized devices
Prevent installation of prohibited devices
   Prerequisites for preventing installation of prohibited devices
   Steps for preventing installation of prohibited devices
Control read and write permissions on removable media
   Prerequisites for controlling read and write permissions on removable media
   Steps for controlling read and write permissions on removable media
Conclusion
Additional resources
Logging bugs and feedback


Introduction


This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. Specifically, in Windows Server 2008 and Windows Vista you can apply computer policy to:


Prevent users from installing any device.

Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it.

Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it.

Deny read or write access to users for devices that are themselves removable, or that use removable media, such as CD and DVD burners, floppy disk drives, external hard drives, and portable devices such as media players, smart phones, or Pocket PC devices.

This guide describes the device installation process and introduces the identification strings that Windows uses to match a device with the device driver packages available on a computer. The guide also illustrates three methods of controlling device installation. Each scenario shows, step by step, one method you can use to allow or prevent the installation of a specific device or a class of devices. The fourth scenario shows how to deny read or write access to users for devices that are removable or that use removable media.


Read more: MSDN


Posted via email from Jasper-Net