Odd USB Drive Problem in a domain / Solution

[rsoxhater]

Our IT department just purchased a few of those 256mb flash drives for us to use. Of our IT staff, two have XP computers and the other is Win2k. These drives, Viking Interworks 256mb 2.0USB drive, worked fine on the Windows 2000 computer in our domain. However, on the two XP computers, the computer would recognize them, but not assign them a drive letter.

It turns out the F: drive, the next physical drive letter available, was already hard mapped on my computer to a network drive in our domain. XP I'm guessing tried to assign the F: to this drive, which it couldn't. I unmapped the network drive and plugged in the drive again, and everything worked fine.

Just wanted to share this in case anyone else runs into the same problem - I spent nearly an entire day trying to figure this out, as my account has full domain admin privledges, so I knew it wasn't a permission issue.

Hope this helps someone out there!

Thanks,
Patrick

 

[bcastner]

I agree the PnP enumeration is not sensitive to mapped drives.

Do as you stated: remove the map temporarily and let XP recognize the drive.

Then use the Disk Management snap-in to change the drive letter of the USB pen drive to a non-conflicting drive letter.

 

[rsoxhater]

Exactly - Tech support for viking told me it was a permissions problem, which I knew it wasn't.

Like I said, hopefully this helps someone and saves them a days worth of cursing at the computer like me....lol

 

[bcastner]

Programmaticly one can do the same with the internal scripting capabilities of Diskpart, but this is decidedly non-trivial.

The workaround you describe is I think the safer bet, and I for one appreciate the reminder. Now a puzzle for you: how do you stop or restrict the use of these devices in a Win2k or Win2003 Domain to prevent a user copying sensitive data files to be carried off-site?

 

[rsoxhater]

Good question - i'm thinking there must be some way in domain policy to restrict this - we have a Win2k primary controller here.

The only three people who have these are IT staff, who could just as easily burn them onto a CDROM.

As for as normal users - each department is restricted to their own files and programs - IE someone from the town clerks office couldn't access the comptrollers files or programs. As for stopping someone from the comptrollers office taking their files home with them at night I'm honestly not sure how we could do that. Normal users are restricted so that they can't install programs - IT has to do that. Every computer has a cd burner but the software is not preinstalled, so a user has to request this of IT and have a specific reason to need it.

As for these little drives - it'd be very easy just to copy files over to it even as only a regular user.

Any suggestions?

 

[bcastner]

We are getting OT, here, so I will be very brief:

Group Policy handles removable media, including CD Roms. Although the policy is complete -- you deny access.

The Win2k resource kit included a utility to bar access to floppy drives:

http://www.dynawell.com/reskit/microsoft/win2000/floplock.zip

The answer as best I have been able to determine is that there is not a native facility in Group Policy or native utility to stop the activity. There are third-party tools beginning to appear: e.g.

http://www.gotpackets.com/rdd/rddindex.htm

I made the point above to highlight a possibly important issue to security as these wonderful little devices begin proliferating.