CCE-36135-2Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Removable Disks: Deny write access
This policy setting denies write access to removable disks.
If you enable this policy setting, write access will be denied to this removable storage class.
If you disable or do not configure this policy setting, write access will be allowed to this removable storage class.
NOTE: To require that users write data to BitLocker-protected storage enable the policy setting 'Deny write access to drives not protected by BitLocker' located in 'Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionRemovable Data Drives.'
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemRemovable Storage Access!Removable Disks: Deny write access
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsRemovableStorageDevices!Deny_Write
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.1 | Attack Vector: PHYSICAL |
Exploit Score: 0.9 | Attack Complexity: LOW |
Impact Score: 5.2 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27324 |