USB Access disabled on laptop - workarounds?

[letmein]

So the IT department at my company woke up last week and decided that their InfoSec policy does not allow USB drive access. USB drives/ phones connected to the laptop are not recognized anymore.

Unfortunately, I have about ~100 GB of TV shows and movies on my work laptop that I now need to get from there onto my personal laptop/ an external HDD.

1) My user account on the laptop has admin rights.
2) The Group Policy for USB access does not seem to be modified.




Questions:
1) Anyway to bypass the USB restriction temporarily so I can move my stuff onto an external HDD?

2) The laptop also has a SD Card Port - any idea if this will also be disabled? I have a MicroSD Card Adapter somewhere, but it will be a pain to find it, so I want someone to confirm this before hunting for it.

3) Will connecting the laptop to another laptop via an Ethernet cable and setting up a homegroup to share data work?


(Posting this thread from my office laptop on office wi-fi )

 

[6pack]

I'm guessing the dvd drive is accessible.
Download a live cd version of linux mint or ubuntu and burn it to a dvd or use YUMI or something to write the iso to the sdcard. Then, you can boot into the live os of linux mint or ubuntu from dvd or sdcard and copy off all the stuff to an external hdd. Then shutdown the live linux os and remove the linux drive before rebooting the laptop.

3 will also work if you have set up sharing properly.

 

[letmein]

I'm guessing the dvd drive is accessible.
Download a live cd version of linux mint or ubuntu and burn it to a dvd or use YUMI or something to write the iso to the sdcard. Then, you can boot into the live os of linux mint or ubuntu from dvd or sdcard and copy off all the stuff to an external hdd. Then shutdown the live linux os and remove the linux drive before rebooting the laptop.

3 will also work if you have set up sharing properly.

It doesn't have a DVD drive unfortunately.

Will try #3 when I get home today.

Thanks.

 

[nRiTeCh]

This is unethical as per forum policy as you are trying to bypass security enforced by your work organisation.
Its better if you talk directly with the IT dept in your co. & surely they will do the needful.

 

[shady8701]

I had a similar issue earlier with my official laptop, what I did was to connect it to the WiFi at home and copy the data required to a shared folder on another pc.
Let me know if that works for you.
Abhi

 

[6pack]

This is unethical as per forum policy as you are trying to bypass security enforced by your work organisation.
Its better if you talk directly with the IT dept in your co. & surely they will do the needful.

not illegal inside his house if he uses another os. they should have given him some time to remove stuff off first before stopping all access though.

 

[nRiTeCh]

not illegal inside his house if he uses another os. they should have given him some time to remove stuff off first before stopping all access though.

Personal stuff aint allowed at all to be stored on office assets, laptop here. Doing so he is violating the security policies. Rather than tampering with anything now he can only transfer data via wifi which is his best bet.

 

[letmein]

Personal stuff aint allowed at all to be stored on office assets, laptop here.

I have a copy of the InfoSec policy I signed when I joined. It doesn't mention handling of personal data anywhere. Please do not assume.

 

[6pack]

Personal stuff aint allowed at all to be stored on office assets, laptop here. Doing so he is violating the security policies. Rather than tampering with anything now he can only transfer data via wifi which is his best bet.

lets assume your office has such a rule.
1 . why is the office allowing people to take the laptop home? for work? are they giving people overtime for working from home? if not then the employees who work from home without pay are nuts.
2. what's the use of making such stringent IT policy like disabling usb ports so no one can copy and paste only to allow a person to take the system home? looking at it from a security point of view, it is stupid. what dumb person came up with that policy? any security expert knows that once the system is out of your office or hands, it can be compromised.
3 . disabling usb etc is no use. you yourself gave a solution for it. wifi. if anyone can copy stuff off wifi, so can virus be transmitted through wifi or any open network. usb is just one vector. closing windows and keeping main door open is foolish.

i could go on and on but i got tired just typing so much. so ill leave it at this. Tldr: if security is the main concern, don't allow office laptops to be taken home.

 

[chetansha]

Open the laptop , remove hdd. You know the rest

 

[shady8701]

lets assume your office has such a rule.
1 . why is the office allowing people to take the laptop home? for work? are they giving people overtime for working from home? if not then the employees who work from home without pay are nuts.
2. what's the use of making such stringent IT policy like disabling usb ports so no one can copy and paste only to allow a person to take the system home? looking at it from a security point of view, it is stupid. what dumb person came up with that policy? any security expert knows that once the system is out of your office or hands, it can be compromised.
3 . disabling usb etc is no use. you yourself gave a solution for it. wifi. if anyone can copy stuff off wifi, so can virus be transmitted through wifi or any open network. usb is just one vector. closing windows and keeping main door open is foolish.

i could go on and on but i got tired just typing so much. so ill leave it at this. Tldr: if security is the main concern, don't allow office laptops to be taken home.

Haha, I can't believe you're trying to argue about this. Just cause your company lets you take the laptop home, doesn't really give you the right to do whatever with. By that same logic, if you let your driver drive the car when you're not in it, he gets the right to do modifications to the car as he feels like?

 

[adventureguy]

So the IT department at my company woke up last week and decided that their InfoSec policy does not allow USB drive access. USB drives/ phones connected to the laptop are not recognized anymore.

Unfortunately, I have about ~100 GB of TV shows and movies on my work laptop that I now need to get from there onto my personal laptop/ an external HDD.

1) My user account on the laptop has admin rights.
2) The Group Policy for USB access does not seem to be modified.

View attachment 73743


Questions:
1) Anyway to bypass the USB restriction temporarily so I can move my stuff onto an external HDD?

2) The laptop also has a SD Card Port - any idea if this will also be disabled? I have a MicroSD Card Adapter somewhere, but it will be a pain to find it, so I want someone to confirm this before hunting for it.

3) Will connecting the laptop to another laptop via an Ethernet cable and setting up a homegroup to share data work?


(Posting this thread from my office laptop on office wi-fi )

why are we even debating this? just go to IT guy and he"ll do the rest. stopping all usb access without prior intimation is shitty tho. wonder what manager signed off on this

 

[vyral_143]

Haha, I can't believe you're trying to argue about this. Just cause your company lets you take the laptop home, doesn't really give you the right to do whatever with.

Dunn think his point of post is about giving rights of doing whatever to laptop when taken home. Rather it is about how flawed is this enforcement and there are easy work arounds.[DOUBLEPOST=1518063455][/DOUBLEPOST]

stopping all usb access without prior intimation is shitty tho.

+(1/0)

 

[6pack]

Haha, I can't believe you're trying to argue about this. Just cause your company lets you take the laptop home, doesn't really give you the right to do whatever with. By that same logic, if you let your driver drive the car when you're not in it, he gets the right to do modifications to the car as he feels like?

car =/= laptop. car has insurance. company work files or secrets do not.

what @vyral_143 said. you couldn't even get the point i was making.

 

[nRiTeCh]

lets assume your office has such a rule.
1 . why is the office allowing people to take the laptop home? for work? are they giving people overtime for working from home? if not then the employees who work from home without pay are nuts.
2. what's the use of making such stringent IT policy like disabling usb ports so no one can copy and paste only to allow a person to take the system home? looking at it from a security point of view, it is stupid. what dumb person came up with that policy? any security expert knows that once the system is out of your office or hands, it can be compromised.
3 . disabling usb etc is no use. you yourself gave a solution for it. wifi. if anyone can copy stuff off wifi, so can virus be transmitted through wifi or any open network. usb is just one vector. closing windows and keeping main door open is foolish.

i could go on and on but i got tired just typing so much. so ill leave it at this. Tldr: if security is the main concern, don't allow office laptops to be taken home.

1. So you say if you get payed overtime you wont treat that laptop as your personal. So work from home means when company gives your wifi dongle which is strictly for official purpose that, you will watch primevideos or pornhub or go torrenting right? And then claim that my data got exhausted and get me a recharge.

2. Really? So when you plugin your infected devices and virus spreads into the entire office network then who is gonna pay for losses and who is gonna take its accountability? Companies are not idiots to come with such regulations. Especially now due to ransonware threats nobody's wants to risk anything.
Also if some employee wants to cheat he can very well copy the project and client details and share it with anybody via usb.

Mind it laptops have severe monitoring and tracking as to what data is sent received, accessed websites, sent emails, installed stuff inventory and what not.

3. I gave a very viable option with duo respect to the IT policies without messing with either software or hardware. Wifi connectivity is allowed to any laptop coz its obvious. I didn't mention tampering of hardware or software in any way.

And if via wifi, virus attack occurs then atleast you are in safe security parameters that the wifi is to be blamed & not your usb activity, interfering with group policies, antivirus, firewalls etc etc. You will be refrained from connecting to that network unless its good to go.

Also, as somebody pointed out why do you allow taking your car by the driver to his home? Then isnt it viable for him as well to treat that car as his personal asset as well? Then he can go on a honeymoon or any places with whomsoever and even commit crimes as far as he comes rightaway to your services when you need him. Then may be at his or your fuel expenses.

I work in IT asset & security management team so I'm very well versed with policies, why they are framed and whats the impact and how employees think and their mindsets.
Its for safeguarding organisation and its employees best interest.
Either live with IT or better leave IT!

A tip: when you will come up with your own company do mention that You got no such iT policies and employees are free to mess up with company data, treat laptops and other assets as their own, browse porn, social media, go torrenting, remove hard drives, upgrade rams, swipe hardware with your personal ones, sellent data outside for personal gains and if anything goes wrong nobody will be catched hold off, instead just chill we are here to enjoy... Treat office place the way you want it to.

Its pity on people like who instead of following rules keep arguing and doing their own things against policies and when caught and found culprit just badmouth the brand and policies rather than agreeing what wrong, unprofessional and unethical was done on your part.

Security breach interrogation is the worst thing to happen to any employee as its sure he is gonna loose his job, get blacklisted and may even have to pay compensation and also face legal actions.

This much of an explanation is sufficient for anyone to get aware about why we have such stringent IT policies.

 

[vyral_143]

1. So you say if you get payed overtime you wont treat that laptop as your personal. So work from home means when company gives your wifi dongle which is strictly for official purpose that, you will watch primevideos or pornhub or go torrenting right? And then claim that my data got exhausted and get me a recharge.

2. Really? So when you plugin your infected devices and virus spreads into the entire office network then who is gonna pay for losses and who is gonna take its accountability? Companies are not idiots to come with such regulations. Especially now due to ransonware threats nobody's wants to risk anything.
Also if some employee wants to cheat he can very well copy the project and client details and share it with anybody via usb.

Mind it laptops have severe monitoring and tracking as to what data is sent received, accessed websites, sent emails, installed stuff inventory and what not.

3. I gave a very viable option with duo respect to the IT policies without messing with either software or hardware. Wifi connectivity is allowed to any laptop coz its obvious. I didn't mention tampering of hardware or software in any way.

And if via wifi, virus attack occurs then atleast you are in safe security parameters that the wifi is to be blamed & not your usb activity, interfering with group policies, antivirus, firewalls etc etc. You will be refrained from connecting to that network unless its good to go.

Also, as somebody pointed out why do you allow taking your car by the driver to his home? Then isnt it viable for him as well to treat that car as his personal asset as well? Then he can go on a honeymoon or any places with whomsoever and even commit crimes as far as he comes rightaway to your services when you need him. Then may be at his or your fuel expenses.

I work in IT asset & security management team so I'm very well versed with policies, why they are framed and whats the impact and how employees think and their mindsets.
Its for safeguarding organisation and its employees best interest.
Either live with IT or better leave IT!

A tip: when you will come up with your own company do mention that You got no such iT policies and employees are free to mess up with company data, treat laptops and other assets as their own, browse porn, social media, go torrenting, remove hard drives, upgrade rams, swipe hardware with your personal ones, sellent data outside for personal gains and if anything goes wrong nobody will be catched hold off, instead just chill we are here to enjoy... Treat office place the way you want it to.

Its pity on people like who instead of following rules keep arguing and doing their own things against policies and when caught and found culprit just badmouth the brand and policies rather than agreeing what wrong, unprofessional and unethical was done on your part.

Security breach interrogation is the worst thing to happen to any employee as its sure he is gonna loose his job, get blacklisted and may even have to pay compensation and also face legal actions.

This much of an explanation is sufficient for anyone to get aware about why we have such stringent IT policies.

Again just another post on complete different meaning.

1. where in his post did @6pack advocate doing activities you mentioned ?

2. If soneone wants to share sensitive stuff they can do it via in any other manner than just USB.

3. Even with ransomware attack via any other way than USB, damage is done.

I would refrain from commenting from other part of your post though I have some points.

 

[6pack]

@nRiTeCh,

Just let me make this clear, I'm not singling you or anyone here. Lets not become personal and attack each other but have a good debate on this topic.

My answers:
1. Yes, if i get paid overtime, I won't use that laptop for home use. I don't like to mix office with personal life so I keep different devices. If I got a laptop from office, I wouldn't take it home and even if I took it home, I wouldn't use it for anything personal.

2. Not happening. My personal pc has more security than office pc /laptop. And i run a different os at home - linux. So no, my usb drive won't get virus ever from my pc.

I have friends in IT, and that is a myth that laptops have monitoring software installed on them. IT can only track what websites you see if you use the company internet sharing proxy. Lets suppose your company CEO is so paranoid about what the employee does and has installed a monitoring software. Then - don't use the laptop other than office work, simple. Besides, I don't understand if he is so paranoid about company stuff, why is he allowing people to take the laptop home? Let them stay at office and work OT. Keep all laptops sealed in a room or lock those laptop with those steel cables to the cubicles.

3. Wifi connection/ lan connection / running other os is the same. You're solution is no different than my solution. My solution is better because it does not mess with the installed windows system at all. It just runs off usb and loads the laptop hard drive so that the files can be copied. Wifi / lan are bi-directional and there is no guarantee that virus will be transmitted to the pc from the home network. (not saying OP has bad network policy, just saying that other people may have infected pc's at home or old pirated versions of windows pc's like XP / windows 7 etc).

After this your rant became personal towards me so I won't remark on them even though i have a very good retort.

Don't blame some shitty company's bad IT policies on me. It's the company's fault in the first place that employees are browsing porn etc instead of doing work. You IT should have made it clear from the very beginning before giving the laptop that the laptop is only ment for office work and anything else done on it will have the laptop taken away from the employee.

You're going on and on about virus, but any company can be hacked by a phising email or by social engineering. Does the IT monitor the company CEO's laptop? What if the CEO went to a conference, put an infected drive to view something and came back and infected the whole company network? Still blame employees?

I'm out of this thread. I don't want people blaming me for stupid half assed IT policies. I won't answer any more here.

 

[nRiTeCh]

1 that's what it means right? I have put forth all examples reflecting his thinking.
2 agreed but that's the best you can do, block basic stuffs at least.
3 agreed again its the least that can be done.

No comment further. Lock the thread, close it or trash it! You are the admin your wish.

 

[adventureguy]

One thing ive seen is most people assume that their laptop is free from it guy if the hide files well. But you have to assume that any company laptop contents can be clearly seen by it guy. never store personal stuff in there.

 

[shady8701]

car =/= laptop. car has insurance. company work files or secrets do not.

what @vyral_143 said. you couldn't even get the point i was making.

Agreed, I took your answer in the wrong context, and for that I apologize. However, that still does not make it right for people to try ways to work around said security.