This is a tough issue! If you want to log access, you should consider deploying a configuration management product throughout your enterprise. However, it sounds like you're simply looking for a solution that allows you to enforce your "no USB devices" policy. Fortunately, Windows XP SP2 provides a direct way to solve this problem through a registry setting. You need to add a DWORD value called WriteProtect to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlStorageDevicePolicies and set the value to 1. (Note: If you don't understand that, seek assistance from someone familiar with editing the Windows Registry. Editing the registry improperly can seriously damage your operating system).
- Visit our resource center for the latest news, tips and expert advice on how to create an effective device security policy.
This was first published in September 2006