question

scottman99-3098 avatar image
0 Votes"
scottman99-3098 asked SeeyaXi-msft answered

Win 10 Enterprise IoT

Just purchased some HP TC's w/ Win 10 IoT LTSC. I noticed right out of the box that the Standard User account has the inability to use usb flash drives and usb-cdrom devices. Logging in as Admin I have access to everything. I looked through the GPO ad registry and see nothing configured to prevent access to the standard user account. Is this the expected outcome for the "base" user account and if so are there anyways in which to modify the image or OS to allow access for the standard user?

windows-iot-10core
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sean-Liming avatar image
0 Votes"
Sean-Liming answered

OEMs can customize their Windows 10 LTSC systems to lock down for security any way they see fit. HP tends to do customization to their Thin Clients that fit a specific market model. You will have to contact HP to see how to unlock the system.

Normally, I would use GPO to lock down USB ports: https://www.annabooks.com/Articles/Articles_IoT10/Windows-10-IoT-DeviceBlock-Rev1.4.pdf , but there are some third party software solutions that can offer the same protection on a domain level. HP might be using one of these 3rd party solutions.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

scottman99-3098 avatar image
0 Votes"
scottman99-3098 answered Sean-Liming commented

I did reach out to HP before placing this on the forum, and of course HP tells me to get MS and to contact them directly. Always love the finger pointing back and forth. I bought 2 different models to test out with and the OS did the same for both models.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

In my experience, HP does strange things with TCs. It is their device and they should know what is going on.

0 Votes 0 ·
SeeyaXi-msft avatar image
0 Votes"
SeeyaXi-msft answered

Hi @scottman99-3098,

Yes. As Sean said. > OEMs can customize their Windows 10 LTSC systems to lock down for security any way they see fit.
Please read this link below.
https://docs.microsoft.com/en-us/windows/iot/iot-enterprise/os-features/security#secure-boot
Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).


Best regards,
Seeya


If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.