Solved

Disable USB drives in Windows 7

Posted on 2014-01-29
7
799 Views
Last Modified: 2014-02-12
For Windows XP I had a simple registry code in the login script that would disable/enable USB drives for users or computers.  I'm trying to find a way to do the same thing for Windows 7 - use the login script instead of GPO so I have more granular control.  Any ideas?
0
Comment
Question by:pcservne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39819441
This page says that the registry code should still work:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Open in new window

Set Start to 4.

HTH,
Dan
0
 

Author Comment

by:pcservne
ID: 39819452
That's what I have now.  It only works for Windows XP, not Windows 7.
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39819480
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 

Author Comment

by:pcservne
ID: 39819590
Same commands as the previous post.  I don't know why they claim it works on Win7/8, but it does NOT.
0
 
LVL 4

Expert Comment

by:Pradeep VIshwakarma
ID: 39820051
hi,

check your GPO setting i think your GOP not working in win 7 PC. and please RUN rsop.msc in win 7 system and check rules are apply or not.
0
 
LVL 6

Accepted Solution

by:
Aditya Arora earned 500 total points
ID: 39823611
Hi,

    If the USB storage device is not installed in system:

1. Type %windir%\inf in RUN dialog box and press Enter. It'll open "inf" folder.

2. Now look for following 2 files:

    usbstor.inf
    usbstor.pnf

3. Now you have to change their user permissions setting. Do as following for each file:

Right-click on the file and select "Properties". Go to "Security" tab and select the desired user or group in "Group or user names" list which you want to restrict from using USB drives. Now in "Permissions for Users" list, click on "Deny" checkbox next to "Full control" option and then click on OK.

4. That's it. Now users will not be able to install any USB storage device in system.

    If the USB storage device is already installed in system:

1. Type regedit in RUN dialog box and press Enter. Now go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

2. In right-side pane, change value of "Start" to 4

3. Now whenever a user will attach a USB storage device which is already installed in system, Windows will not detect it and it'll not be shown in My Computer.

NOTE: If you want to revert it back to default, then change the value of "Start" to 3
0
 

Author Comment

by:pcservne
ID: 39824774
OK - but I've got 250 machines and can't do it manually.  Plus some users need access to USB drives regardless which PC they sign onto.  That's why my command of turning the UsbStor service to 3 or 4 in the login script worked perfectly.  Except what several articles say, it doesn't work in Windows 7.  Disabling USBSTOR.INF & USBSTOR.PNF seem like the answer, but I need a way to do it in the login script, not GPO.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
When we purchase storage, we typically are advertised storage of 500GB, 1TB, 2TB and so on. However, when you actually install it into your computer, your 500GB HDD will actually show up as 465GB. Why? It has to do with the way people and computers…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question