From 12b713411d24bb0df9495cf532f6d0010c8d0914 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 13 Apr 2020 15:29:01 -0700 Subject: [PATCH 1/4] Update monitor-the-use-of-removable-storage-devices.md Removable storage note per CSS --- .../monitor-the-use-of-removable-storage-devices.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 18d2e3d8c2..870101a427 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: --- # Monitor the use of removable storage devices @@ -28,7 +28,9 @@ If you configure this policy setting, an audit event is generated each time a us Use the following procedures to monitor the use of removable storage devices and to verify that the devices are being monitored. ->**Note:**  Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. +Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. + +> [!NOTE] When a policy to audit removable storage is pushed to a computer, a new [Security Descriptor](https://docs.microsoft.com/en-us/windows/win32/secauthz/audit-generation) needs to be applied to all removable storage devices with the audit settings. The [security descriptor for a device](https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/controlling-device-access) can be set up either when the device is installed, or by setting up the [device properties in the registry](https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/setting-device-object-registry-properties-after-installation), which is done by calling a [device installation function](https://docs.microsoft.com/en-us/previous-versions/ff541299). This may require the device to restart to apply the new security descriptor. **To configure settings to monitor removable storage devices** From 61b0ffb053f509534fa61099a7b8ed8e69b2438d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 13 Apr 2020 15:58:44 -0700 Subject: [PATCH 2/4] Update monitor-the-use-of-removable-storage-devices.md --- .../auditing/monitor-the-use-of-removable-storage-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 870101a427..1188b932e6 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -30,7 +30,7 @@ Use the following procedures to monitor the use of removable storage devices and Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -> [!NOTE] When a policy to audit removable storage is pushed to a computer, a new [Security Descriptor](https://docs.microsoft.com/en-us/windows/win32/secauthz/audit-generation) needs to be applied to all removable storage devices with the audit settings. The [security descriptor for a device](https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/controlling-device-access) can be set up either when the device is installed, or by setting up the [device properties in the registry](https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/setting-device-object-registry-properties-after-installation), which is done by calling a [device installation function](https://docs.microsoft.com/en-us/previous-versions/ff541299). This may require the device to restart to apply the new security descriptor. +> [!NOTE] When a policy to audit removable storage is pushed to a computer, a new [Security Descriptor](https://docs.microsoft.com/windows/win32/secauthz/audit-generation) needs to be applied to all removable storage devices with the audit settings. The [security descriptor for a device](https://docs.microsoft.com/windows-hardware/drivers/kernel/controlling-device-access) can be set up either when the device is installed, or by setting up the [device properties in the registry](https://docs.microsoft.com/windows-hardware/drivers/kernel/setting-device-object-registry-properties-after-installation), which is done by calling a [device installation function](https://docs.microsoft.com/previous-versions/ff541299). This may require the device to restart to apply the new security descriptor. **To configure settings to monitor removable storage devices** From c5b2ef0657b7179036b7464c1d417dbb0b6ac907 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Apr 2020 14:59:38 -0700 Subject: [PATCH 3/4] Update monitor-the-use-of-removable-storage-devices.md fix note style --- .../auditing/monitor-the-use-of-removable-storage-devices.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 1188b932e6..ee4ffad617 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -30,7 +30,8 @@ Use the following procedures to monitor the use of removable storage devices and Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. -> [!NOTE] When a policy to audit removable storage is pushed to a computer, a new [Security Descriptor](https://docs.microsoft.com/windows/win32/secauthz/audit-generation) needs to be applied to all removable storage devices with the audit settings. The [security descriptor for a device](https://docs.microsoft.com/windows-hardware/drivers/kernel/controlling-device-access) can be set up either when the device is installed, or by setting up the [device properties in the registry](https://docs.microsoft.com/windows-hardware/drivers/kernel/setting-device-object-registry-properties-after-installation), which is done by calling a [device installation function](https://docs.microsoft.com/previous-versions/ff541299). This may require the device to restart to apply the new security descriptor. +> [!NOTE] +> When a policy to audit removable storage is pushed to a computer, a new [Security Descriptor](https://docs.microsoft.com/windows/win32/secauthz/audit-generation) needs to be applied to all removable storage devices with the audit settings. The [security descriptor for a device](https://docs.microsoft.com/windows-hardware/drivers/kernel/controlling-device-access) can be set up either when the device is installed, or by setting up the [device properties in the registry](https://docs.microsoft.com/windows-hardware/drivers/kernel/setting-device-object-registry-properties-after-installation), which is done by calling a [device installation function](https://docs.microsoft.com/previous-versions/ff541299). This may require the device to restart to apply the new security descriptor. **To configure settings to monitor removable storage devices** From 9d82bfa6dca671e99de8826d753a05048d6fc425 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 29 Apr 2020 14:05:08 -0700 Subject: [PATCH 4/4] Applied [!NOTE] style --- .../monitor-the-use-of-removable-storage-devices.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index ee4ffad617..30ed1af8fc 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -49,7 +49,8 @@ After you configure the settings to monitor removable storage devices, use the f 1. Sign in to the computer that hosts the resources that you want to monitor. Press the Windows key + R, and then type **cmd** to open a Command Prompt window. - >**Note:**  If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. + > [!NOTE] + > If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. 2. Type **gpupdate /force**, and press ENTER. 3. Connect a removable storage device to the targeted computer and attempt to copy a file that is protected with the Removable Storage Audit policy. @@ -59,7 +60,8 @@ After you configure the settings to monitor removable storage devices, use the f Key information to look for includes the name and account domain of the user who attempted to access the file, the object that the user is attempting to access, resource attributes of the resource, and the type of access that was attempted. - >**Note:**  We do not recommend that you enable this category on a file server that hosts file shares on a removable storage device. When Removable Storage Auditing is configured, any attempt to access the removable storage device will generate an audit event. + > [!NOTE] + > We do not recommend that you enable this category on a file server that hosts file shares on a removable storage device. When Removable Storage Auditing is configured, any attempt to access the removable storage device will generate an audit event. ### Related resource