+ Post New Thread
Results 1 to 4 of 4
Windows Thread, USBDLM Issue - Restricting number of USB Devices in Technical; I am currently testing USBDLM v4.4.2 to allow a select group of computers / users to use USB pen drives. ...
  1. #1

    Join Date
    Dec 2007
    Posts
    867
    Thank Post
    90
    Thanked 165 Times in 140 Posts
    Rep Power
    49

    USBDLM Issue - Restricting number of USB Devices

    I am currently testing USBDLM v4.4.2 to allow a select group of computers / users to use USB pen drives.

    I’ve managed to successfully deploy and install the MSI via GPO, and used Group Policy Preference > Files to copy / update (the configuration file) usbdlm.ini file across to the required computer.

    My initial issue was with U3 Pen Drives, being allocated 2 drives letters, i.e. a virtual cd-rom drive. But after reading the help section on the website I have resolved that with the appropriate settings in the .ini file.

    The problem I have now is although I have configured the .ini file to only allocate and use 1 drive letter when a USB device is connected, (which works fine when a single USB pen drive is connected) if an additional USB pen drive is inserted it too is allocated a drive letter (next overall available windows drive letter) which means that any Software Restrictions in the GPO I have set does not apply (as the 2nd USB pen drive is on a different drive letter) and full access is gained to the USB pen drive.

    Is there a configuration setting I have missed? Or I am hoping too much from this very good piece of free software?
    Last edited by MYK-IT; 12th January 2010 at 08:43 AM.

  2. #2


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,878
    Thank Post
    226
    Thanked 2,669 Times in 1,968 Posts
    Rep Power
    786
    From what I've seen of USBDLM I don't think this is possible. I suppose you could configure it to use a range of driver letters (e.g. W,X,Y,Z) since I doubt anyone would connect more than four USB flash drives/card readers at any one time and then duplicate your path rules for these drive letters. Alternatively you could use certificate or hash rules which will work no matter what the drive letter is but these have their own set of issues too.

  3. #3


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,878
    Thank Post
    226
    Thanked 2,669 Times in 1,968 Posts
    Rep Power
    786
    Just thought of a different way you could do this using the setting below (although it's not ideal)...

    Code:
    [DriveLetters]
    Letter1=C:\USB\%VolumeLabel%
    This will force USBDLM to use folders as mount points for USB devices rather than individual drive letters. While you could create a path rule that denies all .exe's (for example) from C:\USB and its sub-folders, it might confuse users if they have to look for a folder rather than a drive letter. Also, if you have hidden the C: drive this will not work either.

  4. #4

    Join Date
    Dec 2007
    Posts
    867
    Thank Post
    90
    Thanked 165 Times in 140 Posts
    Rep Power
    49
    Just thought i would let you know that i have resolved this problem.

    In the .ini file i have only listed 1 drive letter to be allocated to USB devices, but as previously mentioned if you add another one (or more) they are allocated a drive letter (next available windows drive letter) to get around this i configured the .ini file as follows:


    [DriveLetters]
    Letter1={enter required drive letter here}
    Letter2=-

    This now means the Software Restriction in the GPO will be applied to the one and only USB Drive letter.

    The biggest issue i am having now, which i am surprised has not been discussed much, is despite setting up Software Restriction to stop programmes / executables from running, if the USB contains a ZIP file (that contains restricted files, .exe, .msi etc) they are able to be run. This is due to the ZIP Folders facility in Window XP (upwards).

    The only workaround i have found so far is to unload the zip folders .dll and rename it (to stop it re-running) and/or set the Software Restriction path to include %temp% and %tmp%.

    My god, USB devices cause so much hassle!!

SHARE:
+ Post New Thread

Similar Threads

  1. XenServer and USB devices
    By localzuk in forum Thin Client and Virtual Machines
    Replies: 6
    Last Post: 21st April 2009, 05:11 PM
  2. Internet Issue on a few devices
    By stariq in forum Wireless Networks
    Replies: 9
    Last Post: 3rd February 2009, 10:40 AM
  3. Replies: 42
    Last Post: 20th November 2008, 10:58 AM
  4. [Website] Weird USB Devices
    By eduabncs in forum Jokes/Interweb Things
    Replies: 4
    Last Post: 9th May 2008, 01:18 PM
  5. USB devices for non-admins
    By eejit in forum Windows
    Replies: 46
    Last Post: 15th November 2007, 03:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •