
Flash drive & file type restriction

douglas

Chocolate Milk Doug
May 15, 2002
9,887
6
Shut up and Ride
I contract at a school system and they are requesting to block all file types except *.doc on students' USB drives. I am drawing a blank... any ideas?
 

binary visions

The voice of reason
Jun 13, 2002
22,161
1,261
NC
You can't do it.

All you can do is lock down the student network accounts (if, in fact, there are domain accounts in force) so that they can't do anything useful with the files on the drive (i.e. prevent them from launching filesystem modifying executables, block access to image viewing applications so they can't look at pictures, etc.)

You can't, at the file system level, prevent them from loading files onto their drives.
 

douglas

Yup, about all I can come up with is preventing the kids from running exe/bats/etc. on their USB drives (which would be a major PITA), but it serves no purpose, being that they can just copy the files to the desktop & run them from there, or completely disabling the kids from being able to use USB drives at all.

I wonder who here came up with this stupid request in the 1st place :s
 

binary visions

You could lock down the user account to prevent them from being able to modify the file system on the local computer, either to stop them from copying the files over or to stop them from being able to run potentially damaging executables... how you do this depends on whether they're using domain accounts (do it in Active Directory) or local accounts (local security policy).
 

binary visions

You should be able to lock down the system pretty well with AD. Restrict their rights to only writing to the desktop and My Docs.

If they can't modify any system files and are restricted to the damage of their own user files, at least the worst case is you have to delete their cached profile and have them re-login. If you dig down in AD, you can really lock down user profiles pretty hard.