We need to set your systems to allow administrative users to access a USB drive (if plugged into the USB port) but deny non-admin users.

I've found a plethora of online articles describing how to lock or deny users from using the USB port for drives, e.g. "Five ways to enable or disable USB drive access".

However, I can't determine if any of these work across the board for both administrator and non-administrator users.

This Super User Entry implies that the setting is for non-admins, but I'm not entirely sure if I understand the response correctly. It states,

"...choose the non-administrators group"

I don't typically administer Windows, so I'm not all that familiar with how the group policy editor works with regard to settings applying to specific groups or users, etc. Same with file and folder permissions. Anything beyond very basic allow/deny is beyond my core experience.

One intriguing method specifies setting file permissions on a couple of files to Deny SYSTEM and User access to the files. I'm thinking this method would be a good way to go to allow admins to have access to the files while denying non-admins; however, I'm concerned that having SYSTEM denied will throw a wrench in the works. I'd need admin/SYSTEM allowed and user/SYSTEM denied. Is that even possible?

With that said, I'd appreciate any assistance. We're using Windows Server 2008 R2 along with a bunch of Windows 8 and 10 workstations.

Preet Sangha
Dan7el

1 Answer

I spoke to the person who does our system admin functions. His intention is to create a group policy that locks all users from accessing the USB ports for drives (thumb drives, etc.). Then, deny access to that group policy to the domain admins. This way, when a domain admin accesses this group policy, it won't apply to them.

We're waiting for a weekend to try this in case the work actually has some unexpected negative impacts (like locking out all USB devices such as mice and keyboards) and test that it works.

I'll post back with the results when I find out.

Dan7el
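The approach described in the answer above (a GPO that blocks removable storage, with Domain Admins denied the right to apply it) can be scripted as follows. This is an added example, not code from the original posts; the GPO name and OU are placeholders. It assumes the user-side "All Removable Storage classes: Deny all access" setting, because filtering a GPO by user group only affects user-side settings, and it assumes the GroupPolicy and ActiveDirectory modules are available.

```powershell
# Added example: run from a management host with the GroupPolicy and
# ActiveDirectory modules, using an account allowed to create and edit GPOs.
Import-Module GroupPolicy, ActiveDirectory

$gpoName  = 'Deny removable storage (non-admins)'   # hypothetical GPO name
$targetOu = 'OU=Staff,DC=example,DC=com'            # placeholder OU holding the user accounts

# 1. Create the GPO and set the user-side policy
#    "All Removable Storage classes: Deny all access" (Deny_All = 1).
$gpo = New-GPO -Name $gpoName
Set-GPRegistryValue -Guid $gpo.Id `
    -Key 'HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices' `
    -ValueName 'Deny_All' -Type DWord -Value 1 | Out-Null

# 2. Add an explicit Deny ACE for the "Apply Group Policy" extended right
#    to Domain Admins. The default Authenticated Users apply permission stays
#    in place; the explicit Deny takes precedence for members of this group.
$applyGroupPolicy = [Guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'
$adminsSid = (Get-ADGroup -Identity 'Domain Admins').SID
$gpoPath   = "AD:\$($gpo.Path)"

$acl  = Get-Acl -Path $gpoPath
$deny = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $adminsSid,
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
            [System.Security.AccessControl.AccessControlType]::Deny,
            $applyGroupPolicy)
$acl.AddAccessRule($deny)
Set-Acl -Path $gpoPath -AclObject $acl

# 3. Link the GPO but leave the link disabled until the test window.
New-GPLink -Guid $gpo.Id -Target $targetOu -LinkEnabled No | Out-Null

# 4. Verify that the Deny ACE is present on the GPO object.
(Get-Acl -Path $gpoPath).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and
                   $_.ObjectType -eq $applyGroupPolicy } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
```

Once the link is enabled and policy has refreshed, `gpresult /r` run in a session of each account type shows whether the GPO was applied or filtered out for that user.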