#StackBounty: #usb #group-policy How to create a dynamic White List of USB Mass Storage devices in a GPO Active Directory

Bounty: 100

I have a Web form where I put the serial numbers of all USB flash drives that are permitted in my Network. Dynamically, my Ubuntu hosts consult, by a script, this list and block or permit the USB flash drives to be mounted. In Linux platform I used the UDEV services to trigger this script.

I know that in Microsoft platform there are the policies and in System/Device Installation/Device Installation Restrictions/DeviceInstall_Allow_Layered it could be typed something like USBSTORDisk&Ven_123&PID_4567891011121314151617181920.

So, consider the steps:

1 – I already have the serial numbers, but in 1234567890 format in a web page;

2 – I know that it is possible to update a list with a command like >iwr http://my_form_serial_numbers.html -OutFile C:Users%USER%AppDataLocalserial.txt;

The questions are:

How to allow only the listed serial numbers mentioned above to mount?

How to update the serial list in Active Directory dynamically?

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.