A company has client computers that run Windows 8.1. Users store data on company-issued USB flash drives.
You establish that users are able to store data on personally owned USB flash drives.
You need to ensure that users can save data on company flash drives but not on personal flash drives.
What should you do?
A. Disable driver signature enforcement.
B. Run Device Manager as an administrator.
C. In the local Group Policy, modify the device installation restrictions.
D. In the system properties for hardware, modify the device installation settings.
Correct Answer: C
Explanation/Reference:
Explanation:
You could prevent installation of mass storage devices but use the "Allow administrators to override" setting to ensure an administrator could get the flash drive installed.
Further information:
http://msdn.microsoft.com/en-us/library/bb530324.aspx
Step-By-Step Guide to Controlling Device Installation Using Group Policy
Group Policy Settings for Device Installation
To enable control over device installation, Windows Vista and Windows Server 2008 introduce several policy settings. You can configure these policy settings individually on a single computer, or you can apply them to a large number of computers through the use of Group Policy in an Active Directory domain. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings.
The following is a brief description of the DMI policy settings that are used in this guide. Prevent installation of devices not described by other policy settings. This policy setting controls the installation of devices that are not specifically described by any other policy setting. If you enable this policy setting, users cannot install or update the driver for devices unless they are described by either the Allow installation of devices that match these device IDs policy setting or the Allow installation of devices for these device classes policy setting. If you disable or do not configure this policy setting, users can install and update the driver for any device that is not described by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting.
…
Allow installation of devices that match any of these device IDs. This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and does not take precedence over any policy setting that would prevent users from installing a device. If you enable this policy setting, users can install and update any device with a hardware ID or compatible ID that matches an ID in this list if that installation has not been specifically prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users cannot install it even if the device is also described by a value in this policy setting. If you disable or do not configure this policy setting and no other policy describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.
