This Post talks answers the below queries.
1. How to block usb Mass storage – flash memory drives , USB Flash Memory devices in windows XP based PCs?
2. How to remove ability to install new usb mass storage devices ?
3. How to disable autorun feature of USB drives ?
Next post answers
3. How to enable Blocked USB mass storage devices or flash memory devices in corporate networks?
—-
Typically USB Mass storage devices like USB Flash drives or Pen Drives or similar devices (sandisk,Transcend ,U3 Micro cruzer, Kingston ) and Portable hard disk drives like seagate,western digital etc or any USB mass storage device can be blocked in windows xp PCs by editing registry and removing some driver files/making the files protected.
Step 1 : If the device is not installed already and you need to block any new installations
The access to following files can be restricted.
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf
Where %SystemRoot% is C:\Windows\System32\ Folder if windows is installed in C. Replace the drive letter based on installation.
Hence you should look for these files under
C:\Windows\System32\Inf\Usbstor.inf
This file has driver information about USB Mass storage devices. If this file is made restricted or deleted, users cant install new Flash drives or any USB hard drives. [This will not affect other USB devices like Mouse, keyboard etc]. When we say restricted make the file accessible only to administrators, if you are talking about kiosk, internet center PC just delete the Usbstor.inf file so no one can install it.
2. If your USB mass storage device is already installed then change the below registry entry value to 4. Its default value is 3 which is USB Mass storage devices enabled condition.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
When you do this, the USB storage device does not work when the user connects the device to the computer.
To set the Start value, follow these steps:
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate and then click the following registry key:
4. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
5. In the details pane, double-click Start.
6. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then
7. click OK.
8. Exit Registry Editor.
Your USB Mass storage devices will not be detected if this value is changed. This will NOT affect Mouse,Keyboard or any other USB hardware.
if i will to restrict all but onli 1 available usb port…is it possible?
Nope that is not possible
Enjoying reading your blog. Hard work always pays off.
waht if the “run” is desibled and the registry desibled also by admin?
This did not stop my employees to connect their Nokia phones and use the memory of the phone. Any chance to stop them using mobile phones or any kind of device with storage capabilities?
You can run “regedit.exe” file from %systemroot%\windows if you are unable to access ‘Run’ command. for ex : c:\windows\regedit.exe
This is not useful dear
Hi your tip is a life saver, I gonna impliment this in my client’s computer. Good Job ! Thanks a lot.
when we use another usb (different company make) the value of USBSTOR is automatically changed from 4 to 3. what we do that the value is remian 4 ?
Hi, thanks for the info and cleaner way to do the job!
hi my name is sunil verma how to disable pen drive other method
it worked for me in wiondows 7 .But the device name has not been changed…..
Excellent Job.
Works to block everything I wanted. Including Phones. BTW, tested with Nokia 5800 & Blackberry Bold 9700. BB software was already installed. The Nokia has not been plugged into the PC before. But both was not detected. So I’d say this tip works like a charm.
Thanks.
sorry but this registry editing techiniq is not working
What’s Going down i am new to this, I stumbled upon this I have found It absolutely helpful and it has aided me out loads. I’m hoping to give a contribution &
assist other customers like its helped me. Good job.