# windows 2008 server R2 SP1 group policy does not apply to windows xp machines



## priyamvaidya (Aug 19, 2008)

hi

my network consist of a single windows 2008 R2 Sp1 server and 15 client computers. Out of this 15 clients 13 are windows xp and 2 are windows 7 computers

i am trying to block usb, and cd drive access to al the 13 windows xp client computer through group policy... i enable the setting that says "block read access to all removable media" and then run the command gpupdate on all the xp client. however this setting did not apply on xp client

when i tried the same setting on windows 7 computers , the setting work great.

*"when i click the setting it say the setting only applies to windows vista and above systems"*

can anybody guide me on how to apply this setting to windows xp computers through group policy...

i also downloded a .adm file from the internet for this, however it also did not work on xp machines... 

i also have a option of disabling usb through device manager, but i want to do this through group policy. can anyone let me know the possible solution to this.

other policy settings like block command prompt and block registry editing are working fine on all the client including windows xp.


----------



## Dave Atkin (Sep 4, 2009)

Did you install the client side GPO extensions for XP?

Download Details - Microsoft Download Center - Group Policy Preference Client Side Extensions for Windows XP (KB943729)

Dave


----------



## cluberti (Aug 26, 2010)

The settings in GPO that lock down device access do not apply to XP because XP has no code built-in to do this. This is the reason 3rd pary products that did this for XP existed. You won't magically make XP do something it cannot by attempting to apply a group policy not designed for it :wink:.


----------



## priyamvaidya (Aug 19, 2008)

@Dave Atkin

i did apply that, but its of no use for what i wanted to do


----------



## priyamvaidya (Aug 19, 2008)

@cluberti

thanks for your reply.... i will go with the other solutions that i have... i.e. disabling this ports though device manager and only allow administrator to change it for windows xp machines.... i think this wil be a good solution as i do not want to install any new third party softwares that can block this access....


----------

