Limit usb ports by time?

Bokeh

Company invested in some Verizon 4G LTE cards for some personnel who travel from office to office on a weekly basis. Since they are the only ones who go to these offices, it did not make sense to install cable/dsl when it is only used 1-2 days a week. Here is the problem. Some of the people are leaving the cards plugged in overnight, and downloading updates to their databases, etc. So Im being tasked to find a way to limit their usage to 7am-7pm Mon-Fri. I have already talked with Verizon, and they do not offer any way to limit access. Anyone have any ideas on how to turn off the USB ports at certain time and back on next day? Probably a long shot, but thought I would ask.

RobertKaucher

Talk to the provider. I would not be surprised if Verizon could not assist you with this.

Bokeh

Ive already spoken with Verizon, no go. Nothing built into their software and nothing they can do on their end.

demonfurbie

just a thought couldnt ya set a task to shutdown the computer at night

cyberguypr

Establish a policy. "4G cards are for business hours use only. Extended usage beyond X time will be billed to the user." Problem solved.

crrussell3

Most usb blocking software I know of is all or nothing. Haven't seen one that is time based.

You could always create a scheduled task that runs during the times you don't want them to use the aircard and have it kill the service periodically (or at least once to keep it from being on all night long).

Do they use a vpn to connect to the company intranet? If so, limit their vpn to only the hours you want them to vpn in. Then like cyberguypr suggested, put out a corporate memo about usage after hours so they aren't using it for personal use.

Akaricloud

Lets think about this a different way.

Why not just restrict access to the Verizon software that it uses to connect at night? -Seems like a simpler task to me and leaves users able to plug in flash drives, ect after hours.

You could also restrict the network adapter that it uses(assuming it uses one like the 4G cards I've had).

MiikeB

How about looking in to some of the software solutions that exist for parents to limit the hours children can be on the internet?

MAC_Addy

OP - I feel your pain. Most of our employees have access to Verizon air cards and usually end up going over their allotted 5GB. Which, for personal use I could see that being rather low. But, for business use is plenty. We have many people that go over by around 5GB or 10GB at a time. They claim not to know. But I pointed out to them that they're given a data usage popup every time they connect.

bub9001

You can set a Group Policy under Active Directory to log them off after a set time, and once they are logged off you can set group policy to not allow login till said time. I am pretty sure you can even set this at a local level if you don't administrate GP via AD.

blargoe

crrussell3 wrote: »

Most usb blocking software I know of is all or nothing. Haven't seen one that is time based.

Only think I can think of here is to use a desktop management solution that includes USB security. Desktop Authority is the only one that comes to mind, but I'm sure there are others. DA has time based policies.

cyberguypr

They way I understand this the OP wants to restrict USB ports only, not access to the whole machine.

WafflesAndRootbeer

If you're using BITS with the software, you can set a policy to only allow transfers during certain times of the day or whatever, as you require.

inscom.brigade

bub9001 wrote: »

You can set a Group Policy under Active Directory to log them off after a set time, and once they are logged off you can set group policy to not allow login till said time. I am pretty sure you can even set this at a local level if you don't administrate GP via AD.

This is the correct answer isn't it, simple and effective.

ptilsen

No, GPO to prevent log on does not meet the need since it is to prevent air card usage, not laptop usage.

A scheduled task to kill the service/software after 7:00pm would work perfectly. A simple net stop or taskkill command on a task that runs based on a trigger of the service and/or executable opening during the required time frame would work. You can even deploy the task via GPO.

inscom.brigade

ptilsen wrote: »

No, GPO to prevent log on does not meet the need since it is to prevent air card usage, not laptop usage.

I think that you did not see the first part, he said, use AD to schedule a shut down GPO. If AD,GPO schedule that the USB is shutdown at a certain time every evening and come on in the morning. The point of preventing logon would be redundancey.

Bokeh

I did find one software that would work out to be about 62 cents/month per machine, but the idea was shot down. TSKILL works, I just need to find a way to limit by time now. These 10 machines do not connect to our main server at all, so using AD is out.