Previous Posts

 Reduce Word 2007 Compatibility Problems

Tweak your recent documents list

Unofficial Windows 2000 Daylight Saving Time Patch...

The Progression of Vista through screenshots

Microsoft to release 8 new patches on January 9th

32GB Flash drive for notebooks

How to run an external program within VB Script

VMWare releases Vista compatible beta

Pre-Register for Longhorn Beta 3

Commodore 64 Commercials



Archives

May 2005

January 2006

April 2006

May 2006

June 2006

July 2006

September 2006

October 2006

November 2006

December 2006

January 2007

February 2007

March 2007

April 2007

May 2007

June 2007

July 2007

August 2007

September 2007

October 2007

November 2007

December 2007

January 2008

February 2008

March 2008

April 2008

May 2008

June 2008

July 2008

August 2008

September 2008

October 2008

November 2008



Subscribe to our Feed:

Disable USB Flash Drives

If you like this article, then sign up for our email newsletter to get more like it every day in your inbox

Update 1/18/2007 11:01 PM EST: I have received a few questions about this method - no it will not disable mice, or keyboards. It only disables storage devices attached to the USB port. This includes hard drives, flash drives, and any other type of USB storage device. And yes, if the user has administrator access they can reverse the changes

USB flash drive
Our USB Flash drive enable/disable program has been out for quite a while now. Recently we have been getting bug reports that it no longer works.

How it operates is simple, we set a registry key that tells the UsbStor driver not to load on boot:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Start = 4 (Disabled) - Don't start the driver on boot
Start = 3 (Enabled) - Start the driver on boot

If we visit Microsoft, this is an appropriate way to disable USB drives, they even recommend it as a group policy to disable USB, CDROM, and floppy drives:

http://support.microsoft.com/kb/555324

After loading about 10 different variations of Windows (2000, XP, 2003, and Vista with different service packs) in VMWare we started to see a clearer picture.

Some variations will simply reset the key 'Start' back to 3 when a new flash drive is plugged in. The first trick we tried was denying write access for the system account on the USBStor registry key.

It worked on everything except Windows 2003. This version of windows would reset permissions on the key - and delete it!. Then it would re-create with the USB storage enabled.

Then we came across this document:

http://support.microsoft.com/kb/823732

(Looks like it was published much later than KB 555324)

It tells us to put deny permissions for the users we want to lock out on UsbStor.inf, and UsbStor.pnf in the c:\windows\inf folder. Funny thing - it doesn't work. Windows XP will reset the permissions and let the user install their flash drive anyhow.

Now we could have created a filter driver that would sit between windows and usb storage, but we wanted something simple that an administrator could do without even using our program.

We found a simpler solution...rename the files. If we simply rename the files to UsbStor.inf.backup, and UsbStor.pnf.backup windows can no longer load the drivers for usb storage.

So to recap. Rename the files, set the registry key to 4, and users can no longer access any type of usb storage. Reverse the rename, and reset the registry key to 3 and users can access their usb storage again. Ahh. Almost forgot. Reboot required each time you switch.

We have a few programs now that will do this for you. First the USB Disabler. It is for disabling, or enabling USB flash drives on the computer you run it from.

Disable USB Flash Drives

Second we have the remote USB flash disabler. It will allow you to pick a machine on your network and enable, or disable USB flash drives

Disable USB Flash Drives

Third, our Network Administrator product can apply it to all the machines on your network.

Disable USB Flash Drives

They all can be found on our downloads page


Posted By: Steve Wiseman on Wednesday, January 17, 2007

Check out our utilities for windows

 
Home|Downloads|Products|Blog
Copyright © IntelliAdmin, LLC, 2008. All Rights Reserved
Privacy Policy