I have a Web form where I put the serial numbers of all USB flash drives that are permitted in my Network. Dynamically, my Ubuntu hosts consult, by a script, this list and block or permit the USB flash drives to be mounted. In Linux platform I used the UDEV services to trigger this script.
I know that in Microsoft platform there are the policies and in System/Device Installation/Device Installation Restrictions/DeviceInstall_Allow_Layered it could be typed something like USBSTORDisk&Ven_123&PID_4567891011121314151617181920.
So, consider the steps:
1 – I already have the serial numbers, but in 1234567890 format in a web page;
2 – I know that it is possible to update a list with a command like >iwr http://my_form_serial_numbers.html -OutFile C:Users%USER%AppDataLocalserial.txt;
The questions are:
How to allow only the listed serial numbers mentioned above to mount?
How to update the serial list in Active Directory dynamically?