{"id":263459,"date":"2024-05-29T23:23:42","date_gmt":"2024-05-29T23:23:42","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=263459"},"modified":"2024-05-29T23:23:42","modified_gmt":"2024-05-29T23:23:42","slug":"gerer-les-autorisations-d-acces-aux-lecteurs-amovibles-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/fr\/script-hub\/gerer-les-autorisations-d-acces-aux-lecteurs-amovibles-powershell\/","title":{"rendered":"G\u00e9rer les autorisations d&rsquo;acc\u00e8s aux lecteurs amovibles : un guide PowerShell"},"content":{"rendered":"<h2>Points \u00e0 retenir<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Automatise les autorisations des appareils<\/strong>: Le script simplifie et optimise le processus de d\u00e9finition des autorisations sur les p\u00e9riph\u00e9riques de stockage amovibles.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Prise en charge de plusieurs appareils<\/strong>: Il couvre une multitude d&rsquo;appareils, notamment USB, DVD, disquette, lecteur de bande et appareil portable Windows (WPD).<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>N\u00e9cessite des droits d&rsquo;administrateur<\/strong>: L&rsquo;ex\u00e9cution du script n\u00e9cessite des privil\u00e8ges d&rsquo;administrateur.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Modifie les param\u00e8tres du registre<\/strong>: Il ajuste les autorisations en modifiant des cl\u00e9s et des valeurs sp\u00e9cifiques du registre.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>Assurer la conformit\u00e9 et la s\u00e9curit\u00e9<\/strong>: Id\u00e9al pour les environnements o\u00f9 la s\u00e9curit\u00e9 des donn\u00e9es et la conformit\u00e9 sont cruciales.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><strong>Contr\u00f4le flexible<\/strong>: Permet de refuser et d&rsquo;autoriser des actions de lecture, d&rsquo;\u00e9criture et d&rsquo;ex\u00e9cution.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Mise \u00e0 jour de la strat\u00e9gie de groupe et red\u00e9marrage<\/strong>: Il se termine par une mise \u00e0 jour de la strat\u00e9gie de groupe et un red\u00e9marrage facultatif du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"8\" data-aria-level=\"1\"><strong>Risque de restriction excessive<\/strong>: L&rsquo;application de politiques trop restrictives risque d&rsquo;entraver les flux de travail.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"9\" data-aria-level=\"1\"><strong>Int\u00e9gration \u00e0 NinjaOne<\/strong>: Compl\u00e8te des plateformes comme NinjaOne pour une gestion et une s\u00e9curit\u00e9 informatiques plus larges.<\/li>\n<\/ul>\n<p>La gestion de l&rsquo;acc\u00e8s aux p\u00e9riph\u00e9riques de stockage amovibles est un aspect essentiel de la s\u00e9curit\u00e9 informatique. Cette responsabilit\u00e9 est particuli\u00e8rement prononc\u00e9e dans les environnements o\u00f9 la s\u00e9curit\u00e9 et l&rsquo;int\u00e9grit\u00e9 des donn\u00e9es sont primordiales. Les scripts PowerShell, comme celui que nous pr\u00e9sentons ici, constituent une solution performante pour contr\u00f4ler efficacement ces autorisations.<\/p>\n<h2>Contexte<\/h2>\n<p>Le script en question est con\u00e7u pour activer ou d\u00e9sactiver l&rsquo;acc\u00e8s en lecture, en \u00e9criture et en ex\u00e9cution \u00e0 divers p\u00e9riph\u00e9riques de stockage amovibles, notamment les lecteurs de disquettes, les lecteurs de CD\/DVD, les lecteurs de bandes, les appareils portables Windows (WPD) et les lecteurs USB. Cette fonctionnalit\u00e9 est essentielle pour les professionnels de l&rsquo;informatique et les <a href=\"https:\/\/www.ninjaone.com\/fr\/quest-ce-quun-msp\" target=\"_blank\" rel=\"noopener\">fournisseurs de services g\u00e9r\u00e9s (MSP)<\/a> qui doivent appliquer des politiques de s\u00e9curit\u00e9 des donn\u00e9es, pr\u00e9venir les <a href=\"https:\/\/www.ninjaone.com\/fr\/blog\/sauvegarde-anti-ransomware-comment-prevenir-les-catastrophes\/\" target=\"_blank\" rel=\"noopener\">fuites de donn\u00e9es<\/a> ou se conformer aux normes r\u00e9glementaires.<\/p>\n<h2>Le script :<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 2.0\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Disable or Enable Write, Read, and Execute access to Removable Storage devices.\r\n.DESCRIPTION\r\n    Disable or Enable Write, Read, and Execute access to Floppy, CD\/DVD, Tape, WPD, and\/or USB.\r\n    Disable actions are does first, then allow actions are done after.\r\n.EXAMPLE\r\n     -Device DVD -DenyRead -DenyWrite -DenyExecute\r\n    Disable Write, Read, and Execute access to CD\/DVD drive.\r\n.EXAMPLE\r\n     -Device DVD -AllowRead -AllowWrite -AllowExecute\r\n    Allow Write, Read, and Execute access to CD\/DVD drive.\r\n.EXAMPLE\r\n     -Device DVD -DenyWrite -DenyExecute -AllowRead\r\n    Disable Write, Read, and Execute access to CD\/DVD drive, but Allow Read.\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 7, Windows Server 2012\r\n    Local Group Policy updates like this requires the computer to rebooted.\r\n    Release Notes: Renamed script and added Script Variable support\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n.COMPONENT\r\n    DataIOSecurity\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    # Supported devices Floppy, DVD, Tape, WPD, USB\r\n    [String[]]\r\n    $Device,\r\n    [switch]\r\n    $DenyRead = [System.Convert]::ToBoolean($env:DenyRead),\r\n    [switch]\r\n    $DenyWrite = [System.Convert]::ToBoolean($env:DenyWrite),\r\n    [switch]\r\n    $DenyExecute = [System.Convert]::ToBoolean($env:DenyExecute),\r\n    [switch]\r\n    $AllowRead = [System.Convert]::ToBoolean($env:AllowRead),\r\n    [switch]\r\n    $AllowWrite = [System.Convert]::ToBoolean($env:AllowWrite),\r\n    [switch]\r\n    $AllowExecute = [System.Convert]::ToBoolean($env:AllowExecute),\r\n    [switch]\r\n    $ForceReboot = [System.Convert]::ToBoolean($env:ForceReboot)\r\n)\r\n\r\nbegin {\r\n    function Test-StringEmpty {\r\n        param([string]$Text)\r\n        # Returns true if string is empty, null, or whitespace\r\n        process { [string]::IsNullOrEmpty($Text) -or [string]::IsNullOrWhiteSpace($Text) }\r\n    }\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n    $RegSettings = @(\r\n        [PSCustomObject]@{\r\n            Name        = \"Floppy\"\r\n            BasePath    = \"HKLM:\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}\"\r\n            DenyExecute = \"Deny_Execute\"\r\n            DenyWrite   = \"Deny_Write\"\r\n            DenyRead    = \"Deny_Read\"\r\n        },\r\n        [PSCustomObject]@{\r\n            Name        = \"DVD\"\r\n            BasePath    = \"HKLM:\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\"\r\n            DenyExecute = \"Deny_Execute\"\r\n            DenyWrite   = \"Deny_Write\"\r\n            DenyRead    = \"Deny_Read\"\r\n        },\r\n        [PSCustomObject]@{\r\n            Name        = \"Tape\"\r\n            BasePath    = \"HKLM:\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}\"\r\n            DenyExecute = \"Deny_Execute\"\r\n            DenyWrite   = \"Deny_Write\"\r\n            DenyRead    = \"Deny_Read\"\r\n        },\r\n        [PSCustomObject]@{\r\n            Name      = \"WPD\"\r\n            BasePath  = \"HKLM:\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{6AC27878-A6FA-4155-BA85-F98F491D4F33}\"\r\n            DenyWrite = \"Deny_Write\"\r\n            DenyRead  = \"Deny_Read\"\r\n        },\r\n        [PSCustomObject]@{\r\n            Name      = \"WPD\"\r\n            BasePath  = \"HKLM:\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}\"\r\n            DenyWrite = \"Deny_Write\"\r\n            DenyRead  = \"Deny_Read\"\r\n        },\r\n        [PSCustomObject]@{\r\n            Name        = \"USB\"\r\n            BasePath    = \"HKLM:\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\"\r\n            DenyExecute = \"Deny_Execute\"\r\n            DenyWrite   = \"Deny_Write\"\r\n            DenyRead    = \"Deny_Read\"\r\n        }\r\n    )\r\n    $Device = if ($(Test-StringEmpty -Text $env:Device)) { $Device }else { $env:Device }\r\n\r\n    if ($(Test-StringEmpty -Text $Device)) {\r\n        Write-Error \"Device is required.\"\r\n        exit 1\r\n    }\r\n    if ((-not $DenyRead -and -not $DenyWrite -and -not $DenyExecute) -and (-not $AllowRead -and -not $AllowWrite -and -not $AllowExecute)) {\r\n        Write-Error \"At least one Deny or Allow is required.\"\r\n        exit 1\r\n    }\r\n}\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Split any string that has a comma and validate types of devices\r\n    $Device = $Device | ForEach-Object {\r\n        $_ -split ',' | ForEach-Object {\r\n            \"$_\".Trim()\r\n        }\r\n    } | Where-Object { $_ -in \"Floppy\", \"DVD\", \"Tape\", \"WPD\", \"USB\" }\r\n\r\n    try {\r\n        $Device | ForEach-Object {\r\n            $CurDevice = $_\r\n            # Loop through each item in $RegSettings and work on the current device($Device)\r\n            $RegSettings | Where-Object { $_.Name -in $CurDevice } | ForEach-Object {\r\n                $CurRegSetting = $_\r\n                $Path = $CurRegSetting.BasePath\r\n\r\n                # Build Deny list\r\n                $Deny = [System.Collections.ArrayList]::new() # Older PowerShell compatible Lists\r\n                if ($DenyRead) { $Deny.Add(\"Read\") | Out-Null }\r\n                if ($DenyWrite) { $Deny.Add(\"Write\") | Out-Null }\r\n                if ($DenyExecute) { $Deny.Add(\"Execute\") | Out-Null }\r\n                # Build Allow list\r\n                $Allow = [System.Collections.ArrayList]::new() # Older PowerShell compatible Lists\r\n                if ($AllowRead) { $Allow.Add(\"Read\") | Out-Null }\r\n                if ($AllowWrite) { $Allow.Add(\"Write\") | Out-Null }\r\n                if ($AllowExecute) { $Allow.Add(\"Execute\") | Out-Null }\r\n\r\n                # Loop though each $Deny item passed\r\n                $Deny | ForEach-Object {\r\n                    $CurDeny = $_\r\n                    # Only act on what we have, like WPD where we only have Deny_Write and Deny_Read\r\n                    # $CurRegSetting.\"Deny$CurDeny\" is a method of access a property\r\n                    if ($CurRegSetting.\"Deny$CurDeny\") {\r\n                        $CurDenyType = $CurRegSetting.\"Deny$CurDeny\"\r\n                        # Check if we need to create the path\r\n                        if (-not (Test-Path -Path $Path -ErrorAction SilentlyContinue)) {\r\n                            New-Item -Path ($Path | Split-Path -Parent) -Name ($Path | Split-Path -Leaf) -Force -Confirm:$false | Out-Null\r\n                            Write-Host \"Creating path: $($Path)\"\r\n                        }\r\n                        # Check if the property already exists and update it or create the property\r\n                        if ((Get-ItemProperty -Path $Path -Name $CurDenyType -ErrorAction SilentlyContinue).\"$CurDenyType\") {\r\n                            Set-ItemProperty -Path $Path -Name $CurDenyType -Value 1 -Force -Confirm:$false | Out-Null\r\n                            Write-Host \"Setting $($Path)\/$CurDenyType to 1\"\r\n                        }\r\n                        else {\r\n                            New-ItemProperty -Path $Path -Name $CurDenyType -Value 1 -PropertyType \"DWORD\" -Force -Confirm:$false | Out-Null\r\n                            Write-Host \"Creating and Setting $($Path)\/$CurDenyType to 1\"\r\n                        }\r\n                        Write-Host \"Deny $CurDeny for $CurDevice set to $((Get-ItemProperty -Path $Path -Name $CurDenyType -ErrorAction SilentlyContinue).\"$CurDenyType\")\"\r\n                    }\r\n                    else {\r\n                        # Skipping this as we don't have Deny_Execute for WPD\r\n                        Write-Host \"Skipping $($CurRegSetting.\"Deny$CurDeny\")\"\r\n                    }\r\n                }\r\n                # Loop though each $Allow item passed\r\n                $Allow | ForEach-Object {\r\n                    $CurAllow = $_\r\n                    # Only act on what we have, like WPD where we only have Deny_Write and Deny_Read\r\n                    # $CurRegSetting.\"Deny$CurAllow\" is a method to access a property\r\n                    if ($CurRegSetting.\"Deny$CurAllow\") {\r\n                        $CurAllowType = $CurRegSetting.\"Deny$CurAllow\"\r\n                        # Check if the property already exists and update it or create the property\r\n                        if ((Get-ItemProperty -Path $Path -Name $CurAllowType -ErrorAction SilentlyContinue).\"$CurAllowType\") {\r\n                            Set-ItemProperty -Path $Path -Name $CurAllowType -Value 0 -Force -Confirm:$false | Out-Null\r\n                            Write-Host \"Setting $($Path)\/$CurAllowType to 0\"\r\n                        }\r\n                        Write-Host \"Allow access for $CurDevice\"\r\n                    }\r\n                    else {\r\n                        # Skipping this as we don't have Deny_Execute for WPD\r\n                        Write-Host \"Skipping $($CurRegSetting.\"Deny$CurAllow\")\"\r\n                    }\r\n                }\r\n            }\r\n        }\r\n        \r\n\r\n        Write-Host \"Running: gpupdate.exe \/force\"\r\n        gpupdate.exe \/force\r\n        Write-Host \"Completed Running: gpupdate.exe \/force\"\r\n        Write-Host \"Computer will need to be rebooted for changes to take effect.\"\r\n\r\n        if ($ForceReboot) {\r\n            shutdown.exe -r -t 60\r\n        }\r\n        else {\r\n            Write-Host \"Computer will need to be rebooted to see changes.\"\r\n        }\r\n        exit 0\r\n    }\r\n    catch {\r\n        Write-Error $_\r\n        exit 1\r\n    }\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n<div class=\"in-context-cta\"><p style=\"text-align: center;\">Acc\u00e9dez \u00e0 plus de 700\u00a0scripts dans le Dojo NinjaOne<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.ninjaone.com\/fr\/phase-de-test-gratuit\/\">Obtenir l&rsquo;acc\u00e8s<\/a><\/p>\n<\/div>\n<h2>Description d\u00e9taill\u00e9e<\/h2>\n<p>Le script fonctionne en plusieurs phases distinctes :<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>D\u00e9finition des param\u00e8tres<\/strong>: Il commence par d\u00e9finir des param\u00e8tres pour diff\u00e9rents types de p\u00e9riph\u00e9riques et d&rsquo;actions (refuser ou autoriser la lecture, l&rsquo;\u00e9criture, l&rsquo;ex\u00e9cution).<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Contr\u00f4les pr\u00e9alables \u00e0 l&rsquo;ex\u00e9cution<\/strong>: Il comprend des fonctions permettant de v\u00e9rifier la pr\u00e9sence de cha\u00eenes vides et de v\u00e9rifier si le script est ex\u00e9cut\u00e9 avec des privil\u00e8ges \u00e9lev\u00e9s (administrateur).<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Ajustement des param\u00e8tres du registre<\/strong>: La fonctionnalit\u00e9 principale consiste \u00e0 modifier les param\u00e8tres du registre pour chaque type d&rsquo;appareil. Ces param\u00e8tres d\u00e9terminent les autorisations pour chaque action (lecture, \u00e9criture, ex\u00e9cution).<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Logique d&rsquo;ex\u00e9cution<\/strong>: Le script cr\u00e9e ou modifie les cl\u00e9s et les valeurs du registre en fonction des param\u00e8tres d&rsquo;entr\u00e9e. Il peut d\u00e9finir des autorisations pour refuser ou autoriser des actions sur les dispositifs sp\u00e9cifi\u00e9s.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Derni\u00e8res \u00e9tapes<\/strong>: Le script se termine par la mise \u00e0 jour des strat\u00e9gies de groupe \u00e0 l&rsquo;aide de <strong>gpupdate.exe<\/strong> et, \u00e9ventuellement, par un red\u00e9marrage du syst\u00e8me pour que les modifications soient prises en compte.<\/li>\n<\/ul>\n<h2>Cas d&rsquo;utilisation potentiels<\/h2>\n<p>Pensez \u00e0 une soci\u00e9t\u00e9 financi\u00e8re qui doit respecter des r\u00e8gles strictes en mati\u00e8re de s\u00e9curit\u00e9 des donn\u00e9es. Un administrateur informatique peut utiliser ce script pour d\u00e9sactiver l&rsquo;acc\u00e8s en \u00e9criture aux lecteurs USB sur tous les postes de travail des employ\u00e9s, emp\u00eachant ainsi la copie de donn\u00e9es sensibles sur des p\u00e9riph\u00e9riques externes.<\/p>\n<h2>Comparaisons<\/h2>\n<p>Les m\u00e9thodes traditionnelles de configuration des autorisations des appareils peuvent impliquer des modifications manuelles du registre ou des configurations de strat\u00e9gie de groupe. Ce script automatise ces processus, ce qui r\u00e9duit la marge d&rsquo;erreur et permet de gagner du temps.<\/p>\n<h2>FAQ<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Le script est-il compatible avec toutes les versions de Windows ?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">Il est compatible avec Windows 7 et les versions plus r\u00e9centes, y compris les \u00e9ditions pour serveur.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>Peut-il contr\u00f4ler l&rsquo;acc\u00e8s aux lecteurs du r\u00e9seau ?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\">Non, il s&rsquo;agit sp\u00e9cifiquement des p\u00e9riph\u00e9riques de stockage amovibles.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><strong>Le script n\u00e9cessite-t-il des droits d&rsquo;administration ?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\">Oui, il doit \u00eatre ex\u00e9cut\u00e9 avec des privil\u00e8ges d&rsquo;administrateur.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Implications<\/h2>\n<p>Bien que ce script est un outil puissant pour renforcer la s\u00e9curit\u00e9 des donn\u00e9es, il comporte \u00e9galement le risque de restreindre l&rsquo;acc\u00e8s de mani\u00e8re trop stricte, ce qui pourrait entraver les flux de travail l\u00e9gitimes. Il est essentiel de trouver un \u00e9quilibre entre les besoins de s\u00e9curit\u00e9 et les exigences op\u00e9rationnelles.<\/p>\n<h2>Recommandations<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Testez le script dans un environnement contr\u00f4l\u00e9<\/strong> avant de le d\u00e9ployer \u00e0 grande \u00e9chelle.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"8\" data-aria-level=\"1\"><strong>Documentez toutes les modifications apport\u00e9es<\/strong> \u00e0 l&rsquo;aide du script pour r\u00e9f\u00e9rence ult\u00e9rieure.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"9\" data-aria-level=\"1\"><strong>R\u00e9visez et mettez \u00e0 jour r\u00e9guli\u00e8rement les politiques d&rsquo;acc\u00e8s<\/strong> pour les adapter \u00e0 l&rsquo;\u00e9volution des besoins en mati\u00e8re de s\u00e9curit\u00e9.<\/li>\n<\/ul>\n<h2>Conclusion :<\/h2>\n<p>Face la dynamicit\u00e9 du secteur informatique, des outils comme NinjaOne peuvent compl\u00e9ter des scripts de ce type en fournissant une <a href=\"https:\/\/www.ninjaone.com\/fr\/\">plateforme int\u00e9gr\u00e9e pour la gestion des op\u00e9rations informatiques<\/a>, y compris les configurations de s\u00e9curit\u00e9. La capacit\u00e9 de NinjaOne \u00e0 centraliser les t\u00e2ches de gestion garantit que les politiques de s\u00e9curit\u00e9 sont appliqu\u00e9es de mani\u00e8re coh\u00e9rente dans l&rsquo;ensemble de l&rsquo;infrastructure informatique, am\u00e9liorant ainsi la s\u00e9curit\u00e9 globale et <a href=\"https:\/\/www.ninjaone.com\/fr\/efficacite\/\" target=\"_blank\" rel=\"noopener\">l&rsquo;efficacit\u00e9<\/a> op\u00e9rationnelle.<\/p>\n","protected":false},"author":35,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4287],"class_list":["post-263459","script_hub","type-script_hub","status-publish","hentry","script_hub_category-windows","use_cases-configuration-de-systeme"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub\/263459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/comments?post=263459"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/media?parent=263459"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/operating_system?post=263459"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/use_cases?post=263459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}