Our company is considering blocking the use of portable USB drives and force users to use OneDrive for Business. We were asked to gather a report showing how many users use USB drives, so in EMS, we enabled "Removable Media Access" and set the option to monitor.
The next day, our support department got a call from an end user indicating they couldn't access their files on their USB drive. Every time they tried clicking on the drive, they got Access Denied.
[ul]
This user had issues accessing all of the USB drives they had. Even the tech with Local Admin permissions couldn't access the files.
The end user was able to change the drive letter and even format the USB stick, but after the format, the user still couldn't access it. The final thing the tech tried was to see if the files could be accessed via the Kaseya management tool, which uses a client side agent that runs as Local System. Luckily, this worked and the tech was able to copy the files to a folder on the local PC.
Today, the tech got another support ticket from another user with the same problem. I suspect the setting we enabled caused Forticlient to hook into something in Windows and borked some permissions, but it certainly didn't happen to everybody. The concerning part is, removing FortiClient doesn't resolve the issue.
Has anyone seen this happen? Any idea how to fix it?
Denny
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
We've had several more tickets roll into our support desk regarding not being able to open USB drives. Some new observations have been made on this front. A user reported that if they connect to VPN, they can open the drive.
The following was a report logged by one of our techs.
"As reported earlier I am able to read my USB drives today but was connected to the VPN. For testing I disconnected from the VPN but was still able to read my USB drives. I went ahead and rebooted and was again blocked from reading my USB drive. Odd!
To further test this strange behavior I reconnected to the VPN and tested my drive. I still could not read my USB drive. What the heck? I ran a gpupdate and it works again."
Today we are going to disable the "Removable Media Access" feature and see if connecting to VPN will enable our users to access their drives again, while not being on VPN.
gpupdate
This sounds like windows, if you gpedit and look at the settings in windows, what do you see? Also is this windows10?
Also does fortcilient show any logs? or windows event logging ?
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1678 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.