Setting CD drive permissions in Windows XP for security reasons

There may be times when you want to block the use of CD drives for security reasons. In Windows XP, you can.

Recordable CDs have become a standard feature on desktop systems. Whether write-once (CD-R) or rewritable (CD-RW), they give users an easy way to store hundreds of megabytes of information on a single disk.

Maybe too easy for some administrators. One little disk can easily hold proprietary information or secure data and can just as easily disappear out the door in someone's pocket or purse.

Although applications are usually installed on networked computers via downloads over the corporate LAN, these are the facts: Most office workstations have CD drives whether they need them or not, and almost all CDs sold today can record data. As a result, there may be times when an administrator will want to block the use of CD-R and CD-RW drives for security reasons.

Windows XP provides a way to prevent users from accessing drives with the My Computer option on the desktop. This is done through a setting in the Group Policy Microsoft Management Console (MMC) snap-in called Prevent access to drives from My Computer. (The setting is specifically User Configuration\Administrative Templates\Windows Components\Windows Explorer.) Unfortunately, this setting doesn't always work.

There are two ways to handle the problem. The most direct way is to download a hotfix from Microsoft, but a workaround is also available. It relies on the Remove CD Burning feature command under User Configuration\Administrative Templates\Windows Components\Windows Explorer.

Microsoft discusses this situation, and the fixes, in Knowledge Base article 875555.


About the author: Rick Cook specializes in writing about issues related to storage and storage management.

