Comments on technosurfer.net: The Drive for Data Protection - eWeek April 16, 2007

2007-07-13T05:32:00.000-04:00

Surely, the potential threat for the enterprise to fall victim to data fraud increases with each new day. Alas, that's the backside of progress. We get new devices and then these new devices cause us trouble. Microsoft makes some efforts to resist that; we can recall the supplementary administrative template that was published by one MS MVP on the support site. This solution, though, had a big negative part and was subject to tattoo the registry with template data when the template was being removed from the GP scope. While Vista has made a big step to protect organizations from data fraud by inventing special device installation and usage group policies, it still involves taking extra steps to block, for example, standard USB devices, such as manually identifying the device ID strings needed to block the device. The problem is denying the specific access type to the device. As far as I can see, if I want to block write access to my device I should choose from the set of three types of devices, which include removable disks, floppy drives and WPD devices. That is, you have to determine in advance what class of devices you should block and if you can afford blocking the whole class at once. Moreover, it still gives no answer as to what to do with obsolete (if we can call them so) operating systems such as all of the NT 5 line with Windows 2000/2000 Server and Windows XP/Server 2003.
So, talking about my private case, we here have chosen a third-party tool (in our case that was ScriptLogic's Desktop Authority) that allows choosing the device types granularly and locking them down by differentiating between USB, IEEE1394 devices and, for example, Bluetooth devices (http://www.scriptlogic.com/desktop-authority-usb-device-lockdown.asp). That allows read access for a person within a specific organizational unit for USB sticks, and forbids write access to it while totally forbidding the access for Bluetooth devices or docking PPCs. A very appealing tool! We maintain wireless access within the building and the device management policies within Desktop Authority help a lot.

Daniel Nadel