Solved

How to lock down USB ports

Posted on 2005-04-01
Last Modified: 2012-05-05
I've got some desktop computers that I need to lock down the USB ports on. I'm trying to keep people from being able to plug in a USB flash drive and copy files to it while still allowing use of USB peripherals such as keyboards, mice and printers. I've run across SecureNT from Securewave (I think they call it Sanctuary Device Control now) and DeviceLock, but my management has rejected those products so I need to come up with something else. They have rejected these products for other than technical reasons, so if I can find some other product(s) that performs the same functions, I will be very happy.

Thanks for any help.

Daniel

Question by:junior15
10 Comments
 
LVL 4

Expert Comment

by:orhanbaba
ID: 13686896
When the computer is rebooting, press Del or F2 and enter the BIOS. Somewhere there must be a USB setting. Turn it off and add a password to your BIOS.
0
 
LVL 2

Expert Comment

by:Rickggoalie3
ID: 13687037
Here is what you're looking for... I think. This reg hack will disable/enable USB drives as needed.

****Begin Source (StopUSBDrive)****

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004

****End Source (StopUSBDrive)*****

****Begin Source (Start USBDrive)****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004

****End Source (Start USBDrive)****

Hope this helps,
Rick G
0
 
LVL 2

Accepted Solution

by:
Rickggoalie3 earned 750 total points
ID: 13687042
Heh, oops, scratch that.

Here's the actual source....

****Begin Source (StopUSBDrive)****

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004

****End Source (StopUSBDrive)*****

****Begin Source (Start USBDrive)****

Windows Registry Editor Version 5.00

; Start=3 loads the USBSTOR driver on demand, re-enabling USB storage
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003

****End Source (Start USBDrive)****
0
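The same USBSTOR "Start" change as a PowerShell function that can audit the current value before changing it and reads the value back afterwards. This is an added example, not code from the thread; the function name `Set-UsbStorageState` and its `-Mode` parameter are hypothetical. USBSTOR is the USB mass-storage driver, so keyboards, mice and printers, which use other drivers, are unaffected by this value.

```powershell
# Added example (not from the thread): audit or enforce the USBSTOR "Start" value.
# Start = 3 -> driver loads on demand (USB storage works); Start = 4 -> driver disabled.
# Changing the value requires an elevated prompt. The function name is hypothetical.
function Set-UsbStorageState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateSet('Audit', 'Disable', 'Enable')]
        [string]$Mode = 'Audit'
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

    if (-not (Test-Path -LiteralPath $key)) {
        # No USBSTOR service key is present, so there is nothing to audit or change.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Start = $null; State = 'KeyMissing'; Changed = $false
        }
    }

    $current = (Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction Stop).Start
    $wanted  = switch ($Mode) { 'Disable' { 4 } 'Enable' { 3 } default { $current } }
    $changed = $false

    # -WhatIf / -Confirm are honoured through ShouldProcess.
    if ($wanted -ne $current -and $PSCmdlet.ShouldProcess($key, "Set Start to $wanted")) {
        Set-ItemProperty -LiteralPath $key -Name Start -Value $wanted -Type DWord -ErrorAction Stop
        # Read the value back instead of assuming the write succeeded.
        $current = (Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction Stop).Start
        $changed = $true
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Start    = $current
        # Any value other than 4 still allows the driver to load.
        State    = if ($current -eq 4) { 'Disabled' } else { 'Enabled' }
        Changed  = $changed
    }
}

# Report the current state without changing anything.
Set-UsbStorageState -Mode Audit
```

Running it in `Audit` mode on a schedule shows whether a machine has drifted back to `Start = 3`; `-Mode Disable -WhatIf` previews the change without writing to the registry.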
 
LVL 2

Expert Comment

by:Rickggoalie3
ID: 13687044
no more posting at 1:41 am for me...

Rick G
0
 
LVL 4

Expert Comment

by:orhanbaba
ID: 13687053
If you are not a professional user, working on the registry is dangerous. You can damage the registry. The best is BIOS. The easiest way is the best.
0
 
LVL 2

Expert Comment

by:Rickggoalie3
ID: 13687074
If you have any problems at all, simply set that setting back to "3". That's why there are two scripts.

The following script will undo the actions of the first.

****Begin Source (Start USBDrive)****

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003

****End Source (Start USBDrive)****

Rick G
0
 
LVL 6

Author Comment

by:junior15
ID: 13688422
I'll take a look at the registry edits and see if this works for what I need.

orhanbaba:
Yes, editing the registry could be dangerous, but I'm very comfortable with editing the registry. Also, as I stated in my original post, I still need to use the USB ports for keyboards, mice and printers so disabling the ports in the bios isn't a solution.
0
 
LVL 13

Expert Comment

by:Glen A.
ID: 13690555
orhanbaba: just fyi, the bios idea won't work for junior15, as he mentioned in his original Q:

"I'm trying to keep people from being able to plug in a USB flash drive and copy files to it while still allowing use of USB peripherals such as keyboards, mice and printers."

Because he wants to still use USB for keyboards, mice and printers, your suggestion of disabling it in the bios won't work for the questioner.

Ab.
0
 
LVL 1

Expert Comment

by:TheBest
ID: 13696131
What my school did to disable kids plugging in USB flash drives is add heaps of mapped drives into 'My Computer', eg. A: to Z: were all mapped (about half mapped to a blank folder). These are all mapped in the logon script. When someone plugs in a USB Drive, the system detects the hardware, but the drive doesn't appear.

Does that help?

--daniel15
0
 
LVL 6

Author Comment

by:junior15
ID: 14213794
I haven't had a chance to get the regedits suggested here implemented because of politics and required approvals but I think it should work.

Thanks
0
