?
Solved

disable USB drive in Xp

Posted on 2009-04-28
8
Medium Priority
?
1,517 Views
Last Modified: 2013-12-04
i had disable all the USB drives of my client in LAN using the below link procedure

http://www.windowsdevcenter.com/pub/a/windows/2005/11/15/disabling-usb-storage-with-group-policy.html

with this procedure i am able to block only USB drive which already used in computer when some one bring a new flash drive it will work here  so i done registery entry to make that block using   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
Locate the following value (DWORD): Start and give it a value of 4.

but when i try to plug a new usb drive that value is revert back to 3 again.

 



0
Comment
Question by:samithsukumar
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 2

Accepted Solution

by:
-pio- earned 210 total points
ID: 24250018
Hi,

I am using the same method to disable USB storage class, but I also remove the rights from the driver files.

Here is my solution, consists of 3 files:

_______ DISABLEUSB.BAT _______

cacls %windir%\inf\usbstor.inf /p SYSTEM:N < yes.txt
cacls %windir%\inf\usbstor.pnf /p SYSTEM:N < yes.txt
regedit /s disableusb.reg


________ DISABLEUSB.REG __________

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004



____________ YES.TXT _____________

Y





Regards,
Peter
0
 
LVL 3

Author Comment

by:samithsukumar
ID: 24251153
your DISABLEUSB.BAT file works g8 for me also..thanx
can you provide me the  ENABLEUSB.BAT . Because  i need to allow access to my client for doing some urgent case
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 90 total points
ID: 24255036
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 3

Author Comment

by:samithsukumar
ID: 24257040
thanx dstewartjr.
will it block the flash drive whos drives already installed as well as the new one which has'nt plug before.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24257444
Pretty sure
0
 
LVL 2

Expert Comment

by:-pio-
ID: 24303418
Sorry for the delay,
here is ENABLEUSB.REG

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003


here is ENABLEUSB.BAT
cacls %windir%\inf\usbstor.inf /p Administrators:F Users:R SYSTEM:F < yes.txt
cacls %windir%\inf\usbstor.pnf /p Administrators:F Users:R SYSTEM:F < yes.txt
regedit /s enableusb.reg




There reissue the rights to the two files and set the usbstor driver to start up normally

Regards,
Peter
0
 

Expert Comment

by:mash1978
ID: 28678519
BATCH File for the same :

-----------------------------------------------------------------------------------------------


@echo off

:: Disable USBstor driver
reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 4 /f

reg add HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /v WriteProtect /t REG_DWORD /d 1 /f

:: Disable read permissions on USBstor driver

:: Create dummy file and copy original usb storage files
cd \

Mkdir %SystemRoot%\inf\BAK

copy  %SystemRoot%\inf\usbstor.inf %SystemRoot%\inf\BAK\zu.inf


copy  %SystemRoot%\inf\usbstor.PNF %SystemRoot%\inf\BAK\zu.Pnf

copy %SystemRoot%\system32\drivers\USBSTOR.SYS %SystemRoot%\inf\BAK\ZU.SYS


:: Remove Access for Users from  files
cacls %SystemRoot%\inf\usbstor.inf /E /R users
cacls %SystemRoot%\inf\usbstor.PNF /E /R users
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R users
cacls %SystemRoot%\inf\usbstor.inf /E /D users
cacls %SystemRoot%\inf\usbstor.PNF /E /D users
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D users

:: Remove Access for System
cacls %SystemRoot%\inf\usbstor.inf /E /R system
cacls %SystemRoot%\inf\usbstor.PNF /E /R system
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R system
cacls %SystemRoot%\inf\usbstor.inf /E /D system
cacls %SystemRoot%\inf\usbstor.PNF /E /D system
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D system

:: Remove Access for ower Users
cacls %SystemRoot%\inf\usbstor.inf /E /R "Power Users"
cacls %SystemRoot%\inf\usbstor.PNF /E /R "Power Users"
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R "Power Users"
cacls %SystemRoot%\inf\usbstor.inf /E /D "Power Users"
cacls %SystemRoot%\inf\usbstor.PNF /E /D "Power Users"
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D "Power Users"

:: Remove Access for Administrators
cacls %SystemRoot%\inf\usbstor.inf /E /R Administrators
cacls %SystemRoot%\inf\usbstor.PNF /E /R Administrators
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R Administrators
cacls %SystemRoot%\inf\usbstor.inf /E /D Administrators
cacls %SystemRoot%\inf\usbstor.PNF /E /D Administrators
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D Administrators

:: Remove Access for EveryOne
cacls %SystemRoot%\inf\usbstor.inf /E /R Everyone
cacls %SystemRoot%\inf\usbstor.PNF /E /R Everyone
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R Everyone
cacls %SystemRoot%\inf\usbstor.inf /E /D Everyone
cacls %SystemRoot%\inf\usbstor.PNF /E /D Everyone
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D Everyone


REM ::USB_REG_PERMISSION_changes

:: If parameter recover then undo all this
IF [%1]==[enable] GOTO Enable
:: Create a temporary .REG file - DISABLE USB
> "%Temp%.\u1.ini" ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR [0 0 0 0]
regini "%Temp%.\u1.ini"
DEL "%Temp%.\u1.ini"

:Exit

:: Leave state

---------------------------------------------------------------------------------------------------------------


0
 

Expert Comment

by:mash1978
ID: 28679363

DISABLE USB and autorun  batch File

-----------------------------------------------------



@echo off

:: Disable USBstor driver
reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 4 /f

:: USB Read Only Mode
reg add HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /v WriteProtect /t REG_DWORD /d 1 /f

:: USB Disable startup

reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Boot /t REG_DWORD /d 0 /f

rem reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v System /t REG_DWORD /d 1 /f

reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Auto Load /t REG_DWORD /d 0 /f

:: Disable read permissions on USBstor driver

:: Remove Access for Users from  files

cacls %SystemRoot%\inf\usbstor.inf /E /R users
cacls %SystemRoot%\inf\usbstor.PNF /E /R users
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R users
cacls %SystemRoot%\inf\usbstor.inf /E /D users
cacls %SystemRoot%\inf\usbstor.PNF /E /D users
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D users

:: Remove Access for System
cacls %SystemRoot%\inf\usbstor.inf /E /R system
cacls %SystemRoot%\inf\usbstor.PNF /E /R system
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R system
cacls %SystemRoot%\inf\usbstor.inf /E /D system
cacls %SystemRoot%\inf\usbstor.PNF /E /D system
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D system

:: Remove Access for ower Users
cacls %SystemRoot%\inf\usbstor.inf /E /R "Power Users"
cacls %SystemRoot%\inf\usbstor.PNF /E /R "Power Users"
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R "Power Users"
cacls %SystemRoot%\inf\usbstor.inf /E /D "Power Users"
cacls %SystemRoot%\inf\usbstor.PNF /E /D "Power Users"
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D "Power Users"

:: Remove Access for Administrators
cacls %SystemRoot%\inf\usbstor.inf /E /R Administrators
cacls %SystemRoot%\inf\usbstor.PNF /E /R Administrators
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R Administrators
cacls %SystemRoot%\inf\usbstor.inf /E /D Administrators
cacls %SystemRoot%\inf\usbstor.PNF /E /D Administrators
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D Administrators

:: Remove Access for EveryOne
cacls %SystemRoot%\inf\usbstor.inf /E /R Everyone
cacls %SystemRoot%\inf\usbstor.PNF /E /R Everyone
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R Everyone
cacls %SystemRoot%\inf\usbstor.inf /E /D Everyone
cacls %SystemRoot%\inf\usbstor.PNF /E /D Everyone
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D Everyone


REM ::USB_REG_PERMISSION_changes

:: If parameter recover then undo all this
IF [%1]==[enable] GOTO Enable
:: Create a temporary .REG file - DISABLE USB
> "%Temp%.\u1.ini" ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR [0 0 0 0]
regini "%Temp%.\u1.ini"
DEL "%Temp%.\u1.ini"

:Exit

:: Leave state





USB-DIS.TXT
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question