Link to home
Create AccountLog in
Avatar of bobbytcy

asked on

How to block users from access usb portable storage devices (they can still plug in but cant access)

dear experts,

I'm an administrator and wants to achive the above to minimise virus infection to the pc (educating the users failed...). I have administrative rights account and want to limit access to usb storage devices (thumb drives/portable hdd) from normal users who logs in using limited access accounts.

How do I implement it and how do I reverse it? Also it should not affect my administrative account from using the usb thumb drive (only limited account users are affected). Please advice!



Avatar of RobSampson
Flag of Australia image

From here:

This is a great tip to disable usb storage drivers while allowing your keyboards, mouse and scanner to keep working. Very useful for public computers where you need to keep people away from copying its content. This only works on windows machine though.

1. Always backup your registry in case you mess up something
2. Open regedit and change the key value Start
of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USbStor to 4.

Value 4 - Storage USB devices are disabled
Value 3 - Storage USB devices are enabled

Also this can be done with Group Policy:


Avatar of sonysg

hi bobbytcy,
there is a similiar question been asked before

You can create a group policy ad described in 
Avatar of bobbytcy


hi guys thanks for the input but  i'm just managing 3 pcs so GPO is an overkill (on a Win XP). I'd go with the idea of changing the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USbStor to 4.

but in this case if I were to login as administrator i'd be blocked from using usb storage as well unless i enable it to "3". What i'm looking for is on a same pc:

user A: limited account logs in- can't use usb storage at all (this can be easily achieved by registry method since he can't install new usb drivers so it's foolproof, right?)

user B: administrator account logs in- without changing registry string/running "net start usbstor" in command prompt, can straight away plug in a usb storage device/portable hdd and use. This is the hard part...


could you create a small batch file to run the command when you log in which will enable it for you, and a smimlar batch file for the other users that will run when they log in and will disable the usb drive functions
hi richard then roughly what'd the batch file look like for the administrator account? Is it something like this:


@net start usbstor

pls advice.


HI Bob,
there's a batch file for you to do a reference

think that batch file that describe on the article will work for you.

Avatar of sonysg

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
That's what i want! Thanks for all the helps guys!
glad that worked, the response given by sonysg was pretty much the path i was on. let us know weather it really works. the answers on the links provided gave mixed results.