2

I have just recently started working at a company that has a pretty minimal setup with their IT. There was a domain set up, but only the default GPOs were assigned within Active Directory.

Whenever users put in a USB device they get the following error message

And whenever they click on the drives it says:

*Drive Letter*\ is not accessible. Access is denied.

As if there was some kind of permissions error. However, I can see no policy that would deny users access to drives, and there are no security permissions set up on the drives; it is just full access for the 'Everyone' group.

When I log in as the domain administrator however, I can access the drive, and I have tried the following:

  1. Formatting the Drive to NTFS
  2. Formatting the Drive to FAT
  3. Opening CMD and executing "cacls Drive:\ /t /c /g Everyone:F"
  4. Made sure that 'user config\admin templates\windows components\windows explorer\prevent access to drives from my computer' is set to not configured (and tried disabled)
  5. Going in to the Security tab and giving specific users full permissions via the administrator account.
  6. Setting the device ownership to different users such as a domain user.

Help with this would be much appreciated :)

2 Answers

2

Did you look at the settings that are configured in the Default Domain Policy GPO (or any other GPO that applies to the users)? My guess is that when you do you'll see these settings enabled.


joeqwerty
  • Hi, It seems to be showing not configured, so I have tried disabling them also and it has made no difference – Alex Walker-Ingham Nov 04 '15 at 15:32
  • I notice the error message looks like a Windows 8 variety (or 10). Are you viewing GP from a Windows 8 set of policies such as in RSAT? Another thought, have you looked at Group Policy on any of the workstations directly? – tcv Nov 04 '15 at 16:18
  • Hi, I looked at this and all the policies that are set to not configured on the workstation – Alex Walker-Ingham Nov 04 '15 at 16:35
  • How did you look at them? If you looked at them using the local Group Policy editor then you're looking at the local Group Policy, not the domain-based Group Policy. In the Group Policy Management Console on one of your Domain Controllers run the Group Policy Results wizard against one of the computers in question and look at what domain-based Group Policy settings are being applied. – joeqwerty Nov 05 '15 at 02:55
0

I have eventually found the issue... Someone at some point had installed GFI endpoint security, and blocked all USB devices, and then removed it from the server without uninstalling the end points.

The way I got around this was to go on to all the affected PCs and do the following...

Boot from Windows CD
Choose REPAIR (R) and select the option to open CMD
Entered the command: DEL C:\WINDOWS\system32\drivers\esecdrv60.sys
and then 'Exit'
I then had to boot windows normally, and when it booted up delete the following registry keys:
HKLM\SYSTEM\CurrentControlSet\ServicesEsecAgentSvc
HKLM\SYSTEM\CurrentControlSet\esecdrv
HKLM\SYSTEM\CurrentControlSet\esecdrv60
HKLM\SOFTWARE\GFI\EndPointSecurity
And finally delete the folder C:\Program Files\GFI\EndpointSecurity 4 agent

And then once I rebooted the issue was solved.
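
A read-only check for the leftovers named in the answer above, added here as an example and not part of the original post. The paths are copied exactly as written in the answer; the `esecdrv%` driver-name filter is an assumption based on the driver file name.

```powershell
# Added example: read-only audit for the orphaned agent artifacts listed in the answer.
# Nothing is deleted or modified; paths are copied verbatim from the answer.
$artifacts = @(
    [pscustomobject]@{ Kind = 'Driver file';  Path = 'C:\WINDOWS\system32\drivers\esecdrv60.sys' }
    [pscustomobject]@{ Kind = 'Registry key'; Path = 'HKLM:\SYSTEM\CurrentControlSet\ServicesEsecAgentSvc' }
    [pscustomobject]@{ Kind = 'Registry key'; Path = 'HKLM:\SYSTEM\CurrentControlSet\esecdrv' }
    [pscustomobject]@{ Kind = 'Registry key'; Path = 'HKLM:\SYSTEM\CurrentControlSet\esecdrv60' }
    [pscustomobject]@{ Kind = 'Registry key'; Path = 'HKLM:\SOFTWARE\GFI\EndPointSecurity' }
    [pscustomobject]@{ Kind = 'Folder';       Path = 'C:\Program Files\GFI\EndpointSecurity 4 agent' }
)

# One row per artifact: is the file, key or folder still on this machine?
$report = foreach ($a in $artifacts) {
    $status = if (Test-Path -LiteralPath $a.Path) { 'Present' } else { 'Absent' }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Kind     = $a.Kind
        Path     = $a.Path
        Status   = $status
    }
}

# Kernel drivers still registered under a name starting with "esecdrv"
# (assumed name pattern). State shows whether the driver is currently running.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver `
    -Filter "Name LIKE 'esecdrv%'" -ErrorAction SilentlyContinue

$driverRows = foreach ($d in $drivers) {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Kind     = "Registered driver ($($d.Name))"
        Path     = $d.PathName
        Status   = "$($d.State), start mode $($d.StartMode)"
    }
}

# Emit objects so the caller can format, filter or export them.
@($report) + @($driverRows)
```

To check several PCs at once, save the block as a script and run it with `Invoke-Command -ComputerName <names> -FilePath <script>`, which requires PowerShell remoting to be enabled on the targets.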