Escenario:

- Active Directory Domain

- Pc whit Winddows Vista (for this example Bussiness)

- Config. a GPO (Computer and User config)

Administrative Templates \ System \ Removable Storage Access

“Removable Disks: Deny write access� Enable


- Apply the GPO in the OU for Windows Vista computers.

- gpupdate /force


And the configuration registry is: (1) for:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Wind ows\RemovableStorageDevices

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win dows\RemovableStorageDevices


Insert a USB in you computer and dont cant write in the USB.


Now, change this value to "0" in the configuration registry

LogOff/LogOn and now you can write in the USB.


The question is,

Why the Windows VISTA don't refresh the policy? and reconfigure the value?

I shutdown/logoff/logon/logon-otheruser/ and vista never refresh the
configuration.


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://windowshelp.microsoft.com/com...sta.sec urity

That's how Group Policy works. There is no enforcement. Every 90 minutes the
system checks if the policies have changed on the DC, and if there is no
server-side change they are not reapplied. There is more info he
http://technet2.microsoft.com/window...ed/gp/faq.mspx

In addition, GP is reapplied on certain events (startup for HKLM settings,
logon for HKCU). A local admin can therefore easily change HKLM settings and
override the policies.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"AdrianSa" wrote:

Escenario:

- Active Directory Domain

- Pc whit Winddows Vista (for this example Bussiness)

- Config. a GPO (Computer and User config)

Administrative Templates \ System \ Removable Storage Access

“Removable Disks: Deny write access� Enable


- Apply the GPO in the OU for Windows Vista computers.

- gpupdate /force


And the configuration registry is: (1) for:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Wind ows\RemovableStorageDevices

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win dows\RemovableStorageDevices


Insert a USB in you computer and dont cant write in the USB.


Now, change this value to "0" in the configuration registry

LogOff/LogOn and now you can write in the USB.


The question is,

Why the Windows VISTA don't refresh the policy? and reconfigure the value?

I shutdown/logoff/logon/logon-otheruser/ and vista never refresh the
configuration.


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://windowshelp.microsoft.com/com...sta.sec urity