This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Power Users Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. Countermeasure: Configure the Devices: Allowed to format and eject removable media setting to Administrators. Potential Impact: Only Administrators will be able to format and eject removable media. If users are in the habit of using removable media for file transfers and storage, they will need to be informed of the change in policy. Fix: (1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsDevices: Allowed to format and eject removable media (2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon!AllocateDASD

[administrators/administrators_and_power_users/administrators_and_the_interactive_user]

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon!AllocateDASD