?
Solved

Disable USB drives in Windows 7

Posted on 2014-01-29
7
Medium Priority
?
808 Views
Last Modified: 2014-02-12
For Windows XP I had a simple registry code in the login script that would disable/enable USB drives for users or computers.  I'm trying to find a way to do the same thing for Windows 7 - use the login script instead of GPO so I have more granular control.  Any ideas?
0
Comment
Question by:pcservne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39819441
This page says that the registry code should still work:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Open in new window

Set Start to 4.

HTH,
Dan
0
 

Author Comment

by:pcservne
ID: 39819452
That's what I have now.  It only works for Windows XP, not Windows 7.
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39819480
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:pcservne
ID: 39819590
Same commands as the previous post.  I don't know why they claim it works on Win7/8, but it does NOT.
0
 
LVL 4

Expert Comment

by:Pradeep VIshwakarma
ID: 39820051
hi,

check your GPO setting i think your GOP not working in win 7 PC. and please RUN rsop.msc in win 7 system and check rules are apply or not.
0
 
LVL 6

Accepted Solution

by:
Aditya Arora earned 1500 total points
ID: 39823611
Hi,

    If the USB storage device is not installed in system:

1. Type %windir%\inf in RUN dialog box and press Enter. It'll open "inf" folder.

2. Now look for following 2 files:

    usbstor.inf
    usbstor.pnf

3. Now you have to change their user permissions setting. Do as following for each file:

Right-click on the file and select "Properties". Go to "Security" tab and select the desired user or group in "Group or user names" list which you want to restrict from using USB drives. Now in "Permissions for Users" list, click on "Deny" checkbox next to "Full control" option and then click on OK.

4. That's it. Now users will not be able to install any USB storage device in system.

    If the USB storage device is already installed in system:

1. Type regedit in RUN dialog box and press Enter. Now go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

2. In right-side pane, change value of "Start" to 4

3. Now whenever a user will attach a USB storage device which is already installed in system, Windows will not detect it and it'll not be shown in My Computer.

NOTE: If you want to revert it back to default, then change the value of "Start" to 3
0
 

Author Comment

by:pcservne
ID: 39824774
OK - but I've got 250 machines and can't do it manually.  Plus some users need access to USB drives regardless which PC they sign onto.  That's why my command of turning the UsbStor service to 3 or 4 in the login script worked perfectly.  Except what several articles say, it doesn't work in Windows 7.  Disabling USBSTOR.INF & USBSTOR.PNF seem like the answer, but I need a way to do it in the login script, not GPO.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question