Solved

Auto disconnecting Specific USB devices after an amount of time ?

Posted on 2016-08-09
6
106 Views
Last Modified: 2016-08-11
Is there a way to auto disconnect specific USB's devices after a precise amount of time via Registry or GPO ? or can this be scripted

After x amount of time the usb device gets disconected ,If that specific Usb is disconnected then re plugin it would reset the countdown timer back to a amout of time so it can be used again ...

I also researched and found a Microsoft utility called Devcon that manages devices :

DevCon (Devcon.exe), the Device Console, is a command-line tool that displays detailed information about devices on computers running Windows. You can use DevCon to enable, disable, install, configure, and remove devices.

I'm more concerned about the feasibility , can this be done & scripted if no gpo exists for such .... ?
0
Comment
Question by:Fouad Maidine
  • 2
  • 2
  • 2
6 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 41748556
That utility mighthelp you only a little bit in your curious quest to something that sounds very user-UNfriendly.
Maybe that's why no one has built such an app yet.
Think about copying files to a USB drive, or printing a large document. Suddenly it just stops and you have to re-do everything again (after re-inserting the USB). Obviously, you have a reason for this (which I'd very much like to know, but if you don't want to reveal it, it's also ok).
But alas, you COULD use it to program or script something, though the GPO doesn't seem helpful in this case. Unless you distribute the executable first, and run scripts locally.
Since there's a remote function in the tool, you could just built the app or script around a server in your network that scans available computer, and lists the current hardware
Then at an interval, repeats, and compares the previous scan.
Then you have to keep a database on the new devices, and when the time comes, disconnect the device and clear the database.
So, it's doable, but needs a lot of programming (and even more time for realworld testing)
Another options is to push a self-written app as a service to all the computers.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 41748742
For DevCon, it can also disable based on device pid and probably, we can use PS trigger the when USB is detected (e.g. MonitorDriveEvents.ps1) and after a timer wait out (Start-Sleep mm) then disable the USB (Devcon). Fo rinfo PS has "RemoveDrive Method"

Besides DevCon, there are other command line tools to "disconnect" USB, you may consider using removedisk with option such as ...
[-a]       activates Windows of applications owning the open handles, requires -h
[-w:nnnn]  wait nnnn milliseconds before closing the program (time to read its output)
or usb disk ejector .  

For the period setting restriction, I am thinking of the task scheduler to be trigger based on USB connected.
Create custom event triggers in Vista Task Scheduler
http://www.techrepublic.com/blog/windows-and-office/create-custom-event-triggers-in-vista-task-scheduler/

Put the ThumbDrive in, copy a few files to it, then Safely Remove and check the event viewer for the Event ID if needed.

Look in the Event Viewer. This free utility makes it easy to check though you might need to also check with the Windows Event Viewer.
http://www.computerperformance.co.uk/vista/vista_event_viewer.htm
1
 
LVL 7

Author Comment

by:Fouad Maidine
ID: 41750924
@Kimputer

Thank you for answering

Not at all , What we do as a living in our field is serving and empowering users ^^, i have specific reasons to do that and its not about stopping General storage usbs or printers (heh that would get a lot of users angry ), but for a specific device .

We use Usb security tokens here , and a lot of times every day , users leave it pluged in , so when they go away and the windows auto locks , and for example someone nearby touches the keyboard accidentally (and i dont know why it's 'enter' key accidentally)  it reduces the number of attempts before the security token gets locked , users forget passwords all the time , they hit and miss a lot, so they have to come to the IT department so we unlock it ...(i m not in a position to criticize security measures so ...)

I noticed this and i want to reduce the amount of work we do ,especially "hamster wheel work" (ig resetting tokens)  I like to call it hamster wheel because you keep on doing it (like when the hamster gets on the wheel and starts spinning ) it gets you nowhere , and the amount of work never seems to end + it takes precious time away from our lives , we could focus on more important things

I want the hardware & software to do the work .

Im thinking of this (and automating the Security  unlock meanwhile at least ... ( no clicking on gui's ...) but that's another topic and its easy to do so ) i might do that first then start on this project.

And yes it seems a self written app is the solution , i might just do that one step at a time , i dont mind programming .

And yes perhaps its better to use a scripting language for this project  ,  and keep the script running locally on the clients , deployment is not a problem server client architecture might be overkill for this ?

Good idea this might need a database ,For the database im thinking maybe sqlite , if it's lighweight and not ressource heavy .

@Dban

thank you for your comment

It seems that powershell can do the job ,those security tokens have specific Pids , monitoring triggers , then using DriveCmdletProvider , and using a timer based on when that usb device is pluged in...

usb disk ejector is great but its gui based, i want to automate not click ^^ , and is built with pascal code i think (.*.pas files ?) i might check the code if it can help ...

and yes task scheduler & the event viewer , Great idea !

can power shell can be used to create tasks , verify the task scheduler service if its on or off and any dependencies  ? (  i can search on the how , i am just checking if PS can or cannot do this , but if you have anything that might help i dont mind )

Also I am thinking how would such script be run  at the Begin Logon prompt (if this is possible) , The usual start-up phase i think for windows is kernel loading phase->Winlogon.exe ->SCM services ->Lsass->  Begin Logon prompt  then user Userinit.exe -> Explorer.exe and GPO'S  and startup programs ... right ?

it might be easy on user init , setting it up as a start up program , but if it can be run before this would be nifty !

I will check what events happen on Usb plug and on usb removal for most used devices and for what we use as security tokens ...

Any input and or Constructive criticism is welcomed
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 41751292
Both Removedrive and USB ejector are suggested as they can be CLI - It can be run as a command line program. Not sure where did you  get the info that ejector is pascal based.

For startup, consider running the batch file to execute the job or program
For example, use the appropriate method to configure Notepad.exe to run when a user logs on:

To configure Notepad to run when any user logs on to a specific computer:
Edit the following group policy:
Computer Configuration\Administrative Templates\System\Run These Programs at User Logon

Type the full path name of the program. In this example, type the following path name:
c:\%windir%\system32\notepad.exe

To configure Notepad to run when a specific user logs on (regardless of the computer he or she uses):

Edit the following group policy:
User Configuration\Administrative Templates\System\Run These Programs at User Logon

Type the full path name of the program.
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 250 total points
ID: 41751690
Seems you already know your hardware well, so this would personally be my solution:

Distribute to laptop:

devcon.exe
your script (powershell)
enable task scheduler with your script (daily, continuously for every 5 minutes). Script takes probably less than a few ms to process, so no worries there:

Use the script from: https://blogs.technet.microsoft.com/heyscriptingguy/2014/05/25/weekend-scripter-use-powershell-to-find-and-disable-webcams/

Instead of the webcam description and hardware id, use your own usb security token key's description and hardware id.

The script (not database driven anymore, since you already know it's ONLY ONE usb token that's easily identified. Database driven is necessary if loads and loads of  usb storage devices were to be connected):

check if the token usb key is detected
if no, do nothing
if yes, check if there's flag file, check creation time  of flag file > 30 min, then fire devcon command (test beforehand, that it ONLY disconnect the usb token), remove flag file. If no flag file, make it.
0
 
LVL 7

Author Closing Comment

by:Fouad Maidine
ID: 41752684
Thank you@kimputer and @btan again for your time
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now