[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Disable USB drives in Windows 7

Posted on 2014-01-29
7
Medium Priority
?
835 Views
Last Modified: 2014-02-12
For Windows XP I had a simple registry code in the login script that would disable/enable USB drives for users or computers.  I'm trying to find a way to do the same thing for Windows 7 - use the login script instead of GPO so I have more granular control.  Any ideas?
0
Comment
Question by:pcservne
7 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39819441
This page says that the registry code should still work:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Open in new window

Set Start to 4.

HTH,
Dan
0
 

Author Comment

by:pcservne
ID: 39819452
That's what I have now.  It only works for Windows XP, not Windows 7.
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39819480
0
[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

 

Author Comment

by:pcservne
ID: 39819590
Same commands as the previous post.  I don't know why they claim it works on Win7/8, but it does NOT.
0
 
LVL 4

Expert Comment

by:Pradeep VIshwakarma
ID: 39820051
hi,

check your GPO setting i think your GOP not working in win 7 PC. and please RUN rsop.msc in win 7 system and check rules are apply or not.
0
 
LVL 6

Accepted Solution

by:
Aditya Arora earned 1500 total points
ID: 39823611
Hi,

    If the USB storage device is not installed in system:

1. Type %windir%\inf in RUN dialog box and press Enter. It'll open "inf" folder.

2. Now look for following 2 files:

    usbstor.inf
    usbstor.pnf

3. Now you have to change their user permissions setting. Do as following for each file:

Right-click on the file and select "Properties". Go to "Security" tab and select the desired user or group in "Group or user names" list which you want to restrict from using USB drives. Now in "Permissions for Users" list, click on "Deny" checkbox next to "Full control" option and then click on OK.

4. That's it. Now users will not be able to install any USB storage device in system.

    If the USB storage device is already installed in system:

1. Type regedit in RUN dialog box and press Enter. Now go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

2. In right-side pane, change value of "Start" to 4

3. Now whenever a user will attach a USB storage device which is already installed in system, Windows will not detect it and it'll not be shown in My Computer.

NOTE: If you want to revert it back to default, then change the value of "Start" to 3
0
 

Author Comment

by:pcservne
ID: 39824774
OK - but I've got 250 machines and can't do it manually.  Plus some users need access to USB drives regardless which PC they sign onto.  That's why my command of turning the UsbStor service to 3 or 4 in the login script worked perfectly.  Except what several articles say, it doesn't work in Windows 7.  Disabling USBSTOR.INF & USBSTOR.PNF seem like the answer, but I need a way to do it in the login script, not GPO.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: evilrix
Looking for a way to avoid searching through large data sets for data that doesn't exist? A Bloom Filter might be what you need. This data structure is a probabilistic filter that allows you to avoid unnecessary searches when you know the data defin…
In a question here at Experts Exchange, a member was looking for "a little app that would allow sound to be turned OFF and ON by simply clicking on an icon in the system tray". This article shows how to achieve that, as well as providing the same OF…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses
Course of the Month7 days, 21 hours left to enroll

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question