• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2252
  • Last Modified:

Disable USB Ports in Windows XP

Hello,

        Can someone please tell me how I can disable the USB port on a machine so that no Memory Stick, or Flash Drives can be attached to the machine?


                                                                       Thank You
0
vreyesii
Asked:
vreyesii
  • 6
  • 6
  • 6
  • +2
2 Solutions
 
Jay_Jay70Commented:
Hi vreyesii,

you can block USB in the bios completely

you cant block specific objects without a 3rd party app, ie if you have a usb keyboard, it wont work also, if you want security on USB try a 3rd paty util
http://www.devicelock.com/
0
 
Nick DennyCommented:
Go into device manager

Click Start, click Run, and then type "devmgmt.msc" (without the quotation marks).

Scroll down to USB and mark as disabled, by right clicking then clicking "disable".




0
 
vreyesiiAuthor Commented:
When I go into device manager what I see is Universal Serial Bus Controllers when I right click on the there is no disable just properties.


                       Thank You
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Nick DennyCommented:
Expand the branch - double click "Universal Serial Bus Controllers".

You have a small + to the left? You can also cick that.
0
 
Nick DennyCommented:
Although I would actually agree with Jay - its safer to disable in Bios, then you can password protect Bios.
0
 
vreyesiiAuthor Commented:
Ok I click on the USB Mass Storage Device and disabled it, however I was only able to do that when I connected the Flash Drive first, what if the Flash Drive is not inserted yet how can I deny access?

                                                     Thank You
0
 
vreyesiiAuthor Commented:
Yes but the problem with that is that the Keyboard and Mouse will stop working.

                                          Thank You
0
 
Nick DennyCommented:
If you did disable in Bios you would need to get a couple of USB/PS2 adapters (assuming your motherboard had connections for these)

Like these  http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=9717142766

Alternatively - you need to identify which controller is controlling the port you are plugging the stick into. Trial and error easiest. (But if you disable the keyboard and mouse in the "error" part, you lose them - not good).

I would tend to backtrack on the "disable in device manager" unless you have some PS2 adapters to hand though.

Also, whats to stop someone re-enabling them?

Go with the Bios if at all possible.
0
 
vreyesiiAuthor Commented:
Can anyone recommend anymore 3rd party software.

                              Thank You
0
 
Nick DennyCommented:
Looks like this may be useful (and free)

http://www.intelliadmin.com/blog/2006/04/disable-usb-drives.html
0
 
Jay_Jay70Commented:
the one above i mentioned
0
 
nobusCommented:
0
 
craylordCommented:
Is this on a domain? Or is this for stand alone workstations (kiosk)?
0
 
vreyesiiAuthor Commented:
This is for a standalone workstation.

                        Thank You
0
 
craylordCommented:
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx

Download this. This is the answer to your needs. Plus its free.
0
 
Jay_Jay70Commented:
shared access util doesnt lock specific ports types dude......
0
 
Nick DennyCommented:
I think you have to consider something here that you may have overlooked:

I suggested earlier buying some USB-PS2 adapters for your keyb and mouse. In doing this you can follow Jays advice and disable the USB in the bios. Password protect the bios and job done. Simple and easy.

If you do not do this, and do manage to disable all USB (except keyb and mouse), what is to stop someone unplugging either your keyboard or mouse, parking a USB stick in the port, and using either the mouse or keyb (whichever they didn't unplug) to copy onto their stick?

You appear to have no choice other than going over to PS2 connections - then follow the bios option.  And for real belt and braces - lock your case.

The only possibility to give you an option to this I can think of, is to cement in the mouse and keyb then epoxy up all the USB ports, and padlock your case.

Extreme perhaps - but how important is this issue to you?

Or have I missed something here (its 3.30am now and its been a hard day)?
0
 
Jay_Jay70Commented:
nick is nailing it on the head i think, if you dont want to spend money on a 3rd party app then there is NO way in windows that you can do what you are asking, just check the amount of PAQ's with this topic - you need to either spend money or follow above advice with epoxy :)
0
 
vreyesiiAuthor Commented:
Looks like I will have to be getting a Third Party software, thank you eveynone for all the help.


                                   Thank Again.
0
 
craylordCommented:
>shared access util doesnt lock specific ports types dude......

Apparenty you have not used it. No it doesn't restrict ports but that is the benefit. It will let you restrict drives from being accessed/assigned. When a usb storage device is connected a letter must be assigned to it. Removing all the drives letters will prevent storage devices from working while letting other usb connections work such as a keyboard, mouse, or webcam. dude.......
0
 
Jay_Jay70Commented:
>>Apparenty you have not used it
Good on ya....

if your workaround is so successfull why did you not write up what you just told me........? I have used shared access and that is a good workaround that i hadnt toyed with

if the machine is in a domain environment then shared access wont work full stop which i guess is a moot point as no details were specified
0
 
craylordCommented:
I didn't feel the need to write up on it as the easiest thing to do is read about it. Any person responsible for solution implementation should take the time to do so  If submitter asks more for more help, then I'll assume they don't have the technical aptitude and will elaborate.

Agreed, no details really mentioned. The domain environment is not ideal, but can be worked around. This application requires the windows genuine advantage app to run, so you can't roll it out across a domain. You can however, do it to one pc and then ghost it to work around it. Haven't actually tried that yet, but technically it would work.

/comments meant to be light-hearted tongue in cheek :)
0
 
Jay_Jay70Commented:
:) i found that i couldnt access my domain account only my local accounts - i think thats a limitation

that is a really neat workaround though and i apologise if my replies came out short :)

All the best Mate

James
0
 
craylordCommented:
You're right, didn't think about the local account vs domain account. I vaguely remember reading somewhere it could be managed via GPO, so I never thought of the domain account. They just released version 1.1, perhaps that was addressed. Good idea exchange.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 6
  • 6
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now