Tuesday, March 11, 2008

To Disable the Use of USB Storage Devices

If a USB storage device is not already installed on the computer, assign the user or the group Deny permissions to the following files:
  • %SystemRoot%\Inf\Usbstor.pnf
  • %SystemRoot%\Inf\Usbstor.inf
When you do so, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:
1.Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
2.Right-click the Usbstor.pnf file, and then click Properties.
3.Click the Security tab.
4.In the Group or user names list, click the user or group that you want to set Deny permissions for.
5.In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK. Note In addition, add the System account to the Deny list.
6.Right-click the Usbstor.inf file, and then click Properties.
7.Click the Security tab.
8.In the Group or user names list, click the user or group that you want to set Deny permissions for.
9.In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.


If a USB Storage Device Is Already Installed on the Computer
If a USB storage device is already installed on the computer, set the Start value in the following registry key to 4: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
When you do so, the USB storage device does not work when the user connects the device to the computer. To set the Start value, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate, and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
  4. In the right pane, double-click Start.
  5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
  6. Quit Registry Editor.

1 comment:

Mike said...

You may want to take a look at desktop authority .

That can be a perfect way for usb lockdown. I was very pleased by it's powerful usb and ports security features.
After some security incidents I got a task to limit the access to usb devices in our environment.

With this solution I successfully blocked usb storage sticks for users who have an access to sensitive project data.
According to our new security policy I also limited access to mp3 players, PDAs, phones for the most of users in our company.

Great benefit of this tool that it can report on usb usage and denials of access. We schedule such reports on a daily basis for some user classifications.

Paypal To Register

Sign up for PayPal and start accepting credit card payments instantly.

About Me

My photo
Please be often to visit and subscribe for my blog, because that would be really helpful for me. Thank you to read all of my post. If you don't mind come and have a chat with me. ^_^