Escenario:
- Active Directory Domain
- Pc whit Winddows Vista (for this example Bussiness)
- Config. a GPO (Computer and User config)
Administrative Templates \ System \ Removable Storage Access
“Removable Disks: Deny write access” Enable
- Apply the GPO in the OU for Windows Vista computers.
- gpupdate /force
And the configuration registry is: (1) for:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\RemovableStorageDevices
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices
Insert a USB in you computer and dont cant write in the USB.
Now, change this value to "0" in the configuration registry
LogOff/LogOn and now you can write in the USB.
The question is,
Why the Windows VISTA don't refresh the policy? and reconfigure the value?
I shutdown/logoff/logon/logon-otheruser/ and vista never refresh the configuration.
This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane.
windowshelp.microsoft.com/communities/newsgroups/en-us/default.mspx?mid=6969bd95-dba5-4342-af59-17d3cb454b7d&dg=microsoft.public.windows.vista.security

That's how Group Policy works. There is no enforcement. Every 90 minutes the system checks if the policies have changed on the DC, and if there is no server-side change they are not reapplied. There is more info here: technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx
In addition, GP is reapplied on certain events (startup for HKLM settings, logon for HKCU). A local admin can therefore easily change HKLM settings and override the policies. - Your question may already be answered in Windows Vista Security: amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
"AdrianSa" wrote: