On occasion, a file may need to be written to a flash drive. This is blocked by group policy for all users. Formerly, there was an AD group named USBEnable that was used to control this access on the user level. USB restrictions are now at the machine level.
As of January 2022, consult our Sophos administrator as the ability to use flash drives is now controlled on the Sophos endpoint (data loss prevention). You may just need to log into your computer as your DAA account in order to write to the flash drive. If you get a permissions error, you might need to Update in Sophos Endpoint to pick up the right permissions. If it still fails, contact your local neighborhood Sophos administrator.
Alternatively, if the flash drive is not company property, the user can plug it into a personal computer and format the drive if they want to delete files off of it.
If it is company property, you can ask the user to return it to the IT department for wiping and disposal or repurposing.
OLD notes:
Previously, it was thought that putting the user's computer in the NOGPO* OU in Active Directory and rebooting would allow this access. However, we have found that this breaks email.
The only way to enable write access to a jump drive without breaking email is to put the user's computer AND user account in the IT OU in Active Directory, then do a gpupdate /force or have them log off and back on, or just reboot. Additionally, rights may need to be granted in Sophos Endpoint Protection - consult your local Sophos admin for assistance.
As soon as the files are copied, remove the user and computer from the IT OU and move back to the appropriate groups.
Alternatively, if all else fails, the user can log into https://mailsafe.perimeterusa.com to create a secure email with an attachment of up to 50 MB in size.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article