Disable USB drives in Windows 7

For Windows XP I had a simple registry code in the login script that would disable/enable USB drives for users or computers.  I'm trying to find a way to do the same thing for Windows 7 - use the login script instead of GPO so I have more granular control.  Any ideas?
pcservneAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Aditya AroraConnect With a Mentor Network & Hardware Commented:
Hi,

    If the USB storage device is not installed in system:

1. Type %windir%\inf in RUN dialog box and press Enter. It'll open "inf" folder.

2. Now look for following 2 files:

    usbstor.inf
    usbstor.pnf

3. Now you have to change their user permissions setting. Do as following for each file:

Right-click on the file and select "Properties". Go to "Security" tab and select the desired user or group in "Group or user names" list which you want to restrict from using USB drives. Now in "Permissions for Users" list, click on "Deny" checkbox next to "Full control" option and then click on OK.

4. That's it. Now users will not be able to install any USB storage device in system.

    If the USB storage device is already installed in system:

1. Type regedit in RUN dialog box and press Enter. Now go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

2. In right-side pane, change value of "Start" to 4

3. Now whenever a user will attach a USB storage device which is already installed in system, Windows will not detect it and it'll not be shown in My Computer.

NOTE: If you want to revert it back to default, then change the value of "Start" to 3
0
 
Dan CraciunIT ConsultantCommented:
This page says that the registry code should still work:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Open in new window

Set Start to 4.

HTH,
Dan
0
 
pcservneAuthor Commented:
That's what I have now.  It only works for Windows XP, not Windows 7.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
Michael-BestCommented:
0
 
pcservneAuthor Commented:
Same commands as the previous post.  I don't know why they claim it works on Win7/8, but it does NOT.
0
 
Pradeep VIshwakarmaCommented:
hi,

check your GPO setting i think your GOP not working in win 7 PC. and please RUN rsop.msc in win 7 system and check rules are apply or not.
0
 
pcservneAuthor Commented:
OK - but I've got 250 machines and can't do it manually.  Plus some users need access to USB drives regardless which PC they sign onto.  That's why my command of turning the UsbStor service to 3 or 4 in the login script worked perfectly.  Except what several articles say, it doesn't work in Windows 7.  Disabling USBSTOR.INF & USBSTOR.PNF seem like the answer, but I need a way to do it in the login script, not GPO.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.