Solved

Disable USB drives in Windows 7

Posted on 2014-01-29
7
771 Views
Last Modified: 2014-02-12
For Windows XP I had a simple registry code in the login script that would disable/enable USB drives for users or computers.  I'm trying to find a way to do the same thing for Windows 7 - use the login script instead of GPO so I have more granular control.  Any ideas?
0
Comment
Question by:pcservne
7 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39819441
This page says that the registry code should still work:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Open in new window

Set Start to 4.

HTH,
Dan
0
 

Author Comment

by:pcservne
ID: 39819452
That's what I have now.  It only works for Windows XP, not Windows 7.
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39819480
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:pcservne
ID: 39819590
Same commands as the previous post.  I don't know why they claim it works on Win7/8, but it does NOT.
0
 
LVL 4

Expert Comment

by:Pradeep VIshwakarma
ID: 39820051
hi,

check your GPO setting i think your GOP not working in win 7 PC. and please RUN rsop.msc in win 7 system and check rules are apply or not.
0
 
LVL 6

Accepted Solution

by:
Aditya Arora earned 500 total points
ID: 39823611
Hi,

    If the USB storage device is not installed in system:

1. Type %windir%\inf in RUN dialog box and press Enter. It'll open "inf" folder.

2. Now look for following 2 files:

    usbstor.inf
    usbstor.pnf

3. Now you have to change their user permissions setting. Do as following for each file:

Right-click on the file and select "Properties". Go to "Security" tab and select the desired user or group in "Group or user names" list which you want to restrict from using USB drives. Now in "Permissions for Users" list, click on "Deny" checkbox next to "Full control" option and then click on OK.

4. That's it. Now users will not be able to install any USB storage device in system.

    If the USB storage device is already installed in system:

1. Type regedit in RUN dialog box and press Enter. Now go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

2. In right-side pane, change value of "Start" to 4

3. Now whenever a user will attach a USB storage device which is already installed in system, Windows will not detect it and it'll not be shown in My Computer.

NOTE: If you want to revert it back to default, then change the value of "Start" to 3
0
 

Author Comment

by:pcservne
ID: 39824774
OK - but I've got 250 machines and can't do it manually.  Plus some users need access to USB drives regardless which PC they sign onto.  That's why my command of turning the UsbStor service to 3 or 4 in the login script worked perfectly.  Except what several articles say, it doesn't work in Windows 7.  Disabling USBSTOR.INF & USBSTOR.PNF seem like the answer, but I need a way to do it in the login script, not GPO.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now