How To Enable / Disable USB Removable Mass Storage Device Pen Drive Access in Windows

You can enable/disable USB port of PC / Laptop in BIOS setting. This will prevent and restrict computer users from accessing any external storage devices (flash drive, memory cards, pen drives, portable hard disks) and external action devices like keyboard, mouse, scanners, printers, web cams and such, through the USB port.

The advantage of this is, you restrict users from copying and transferring sensitive data to and from the computer. This is mostly a necessity in: offices to protect intellectual property and cybercafe / public browsing centers to prevent users from knowingly or unknowingly infecting the system with viruses.
Now what if you’d want to block only the storage devices and not keyboards, mouse and other media devices from accessing the system ? This is not possible with the BIOS setup changes, however there is a work around for this, which can be achieved by hacking the registry:
Here’s how you can disable USB storage device drive access in windows :
Click on “Start –> Run –> Type regedit and hit Enter.”
2 Navigate to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
3 Select the key UsbStor and double click on the Start value, which can be found in the right pane.
4 In Value data part, put 4 (numeric value four), if you want to disable USB storage and put in 3 (numeric value 3), if you want to enable USB storage on your computer.
The change will be effective immediately, however sometimes a reboot may be required. This hack will ensure that all the USB storage devices are disabled / blocked or enabled according to your choice. This works fine on most Windows operating systems such as XP, Vista, Windows server 2000, 2003, and 2008.
If you are not sure how to edit Registry files and are not comfortable dealing with them, download these zip files which contain .reg files. Once you extract the content of these zip files on to your local system, double click on the file and click OK to the warning prompt, and the registry changes will be made automatically.
Now for Window Server
Fortunately, Windows Server 2008 R2 provides us administrators with a method for easily disabling USB drive access on Active Directory domain assets. Let’s get to work.

Defining the restriction ^


One important thing to keep in mind is that Microsoft made it MUCH easier to control removable drive access in Windows 7/Windows Server 2008 R2 Group Policy. If you need to restrict USB drives on earlier client operating systems (including Windows Vista), then one of the following links should prove helpful to you:
from one of your Active Directory Domain Services domain controllers or from an administrative workstation, open the Group Policy Management Console and link a new GPO to the appropriate target (domain, OU, etc.).
Within the Group Policy Editor, navigate to \Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access.
NOTE: If you prefer to set these restrictions on a per-user basis instead of computer-wide, then use the Group Policy path \User Configuration\Policies\Administrative Templates\System\Removable Storage Access.
Group Policy - Removable Storage Access
Note from the above screenshot that we can use Group Policy to limit access to the following device classes:
  • Optical drives (CD and DVD)
  • Floppy drives
  • Removable disks (USB devices)
  • Tape drives
  • Custom device classes
By far, the most restrictive restriction (pardon the redundancy) is the policy All Removable Storage Classes: Deny All Access. If we enable this policy, as is shown in the following screen capture, then we prevent affected users from mounting ANY class of removable media.
All Removable Storage classes - Deny all access
Naturally, we want to apply GPO security filtering to ensure that only our desired users and computers are affected by our new policy. From the Group Policy Management Console we can make use of the Security Filtering and/or the WMI Filtering areas to properly scope our GPO. This is depicted in the following screen image:
Disable USB drive
In order to put your new GPO into effect immediately, open an administrative command prompt and issue the following command:
gpupdate/ force
This command refreshes Group Policy throughout your Active Directory domain.

How the restriction works ^

Once your GPO has been ingested by your domain, a user will see the following message box whenever they attempt to mount a restricted media device:


Follow this links to read more

http://www.techbuzz.in/enable-disable-block-usb-mass-storage-pen-drive-device-download-registry.php
https://4sysops.com/archives/how-to-disable-usb-drive-use-in-an-active-directory-domain/

Comments

Post a Comment

Popular posts from this blog

Best online IoT courses

Image
Internet of things, or IoT, refers to a system of computing and digital devices that are connected to the internet. As the world becomes increasingly digital, everything from coffee machines to cars will become connected. As technology develops and changes it's important to keep your skills up to date. To help, we've compiled a list of useful IoT courses for you to try out this year. Some are free, other are not but they all provide a sturdy foundation in IoT. Here are some of our favorites. 1. Coursera Coursera Provides a range of online IoT courses. From specialisation to general courses, there is a selection available from beginner to advanced levels. These are some of the courses available Industrial IoT on Google Cloud Platform Introduction to architecting smart IoT devices Programming with cloud IoT platforms Users can enrol with Coursera for free.  Read More
Read more

16 best free project management software programs

Image
When building a startup or scaling up a small business, project management is key. Here we offer 16 great project management software tools. Even better, all are free. Read on for the 16 best free project management software programs.  http://www.techworld.com/picture-gallery/startups/10-best-free-project-management-software-programs-3625922/
Read more

How to create an Amazon Alexa skill

Image
http://www.techworld.com/tutorial/apps/how-create-amazon-alexa-skill-3654733/ Alexa   is a 'smart' personal assistant made available to the public by the Amazon Echo in 2015 offering voice-driven applications that can be enabled to provide a whole host of information and run a range of tasks. Amazon offers plenty of skills (voice-enabled apps) ranging from news, travel planners and smart home skills to bedtime stories for children, fun facts and games. Through the Echo, Alexa can perform various tasks such as play music, look up the weather, turn your heating up or down and even (if configured correctly) make you a cup of tea in the morning...well boil the kettle anyway.
Read more