Information Technology Reference
In-Depth Information
To audit the success or failure of access to removable devices, use the Audit Removable
Storage setting in the Computer Configuration\Policies\Windows Settings\Security Settings\
Advanced Audit Policy Configuration\Audit Policies\Object Access folder. You can audit
Success (event 4663), Failure (event 4656), or both. If you enable Failure tracking, you need
to also enable the Audit Handle Manipulation For Failure events.
Thought experiment
Disabling and auditing removable USB drives
In this thought experiment, apply what you've learned about this objective. You can
find answers to these questions in the “Answers” section at the end of this chapter.
You are the network administrator for TreyResearch.net. Because of past concerns
and the sensitive nature of the research being conducted at Trey, the company has
issued a policy that no one is to use USB flash drives on company computers. You
have been asked to implement the policy. You have also been asked to audit any
attempts to use USB drives, even though they are not allowed. Users will continue
to be allowed to connect and use cell phones and media players, but all use of them
is to be audited.
1.
What settings do you need to enable to ensure that users can't use USB disks? All
policies are in the \Computer Configuration\Policies\Administrative Templates\
System\Removable Storage Access folder. (Choose all that apply.)
A.
Enable All Removable Storage Classes: Deny All Access
B.
Disable All Removable Storage Classes: Deny All Access
C.
Enable Removable Disks: Deny Execute Access
D.
Enable Removable Disks: Deny Read Access
E.
Enable Removable Disks: Deny Write Access
F.
Disable Removable Disks: Deny Write Access
G.
Disable Removable Disks: Deny Read Access
H.
Disable Removable Disks: Deny Execute Access
