Our company is considering blocking the use of portable USB drives and force users to use OneDrive for Business. We were asked to gather a report showing how many users use USB drives, so in EMS, we enabled "Removable Media Access" and set the option to monitor.
The next day, our support department got a call from an end user indicating they couldn't access their files on their USB drive. Every time they tried clicking on the drive, they got Access Denied.
The tech checked permissions and the user had them.
The tech changed Removable Media Access to the Allow setting, with no change
The tech turned off the Removable Media Access option in EMS with no luck
The tech uninstalled FortiClient with no luck[/ul]
This user had issues accessing all of the USB drives they had. Even the tech with Local Admin permissions couldn't access the files.
The end user was able to change the drive letter and even format the USB stick, but after the format, the user still couldn't access it. The final thing the tech tried was to see if the files could be accessed via the Kaseya management tool, which uses a client side agent that runs as Local System. Luckily, this worked and the tech was able to copy the files to a folder on the local PC.
Today, the tech got another support ticket from another user with the same problem. I suspect the setting we enabled caused Forticlient to hook into something in Windows and borked some permissions, but it certainly didn't happen to everybody. The concerning part is, removing FortiClient doesn't resolve the issue.
Has anyone seen this happen? Any idea how to fix it?
We've had several more tickets roll into our support desk regarding not being able to open USB drives. Some new observations have been made on this front. A user reported that if they connect to VPN, they can open the drive.
The following was a report logged by one of our techs.
"As reported earlier I am able to read my USB drives today but was connected to the VPN. For testing I disconnected from the VPN but was still able to read my USB drives. I went ahead and rebooted and was again blocked from reading my USB drive. Odd!
To further test this strange behavior I reconnected to the VPN and tested my drive. I still could not read my USB drive. What the heck? I ran a gpupdate and it works again."
Today we are going to disable the "Removable Media Access" feature and see if connecting to VPN will enable our users to access their drives again, while not being on VPN.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.