Disabling removable USB storage - W32
Results 1 to 10 of 10

Thread: Disabling removable USB storage - W32

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883

    Disabling removable USB storage - W32

    I had someone come to me looking to disable USB storage devices while at the same time, leaving them active for I/O devices like a mouse, CDROM, etc. Of course the goal is to stop people from walking up to a workstation and making off with classified information.

    I did find a solution to this and I thought that it was useful enough to pass along to others.

    Have a look at how easy it is.

    Just open regedit and browse to this key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

    Look for the 'Start' key.

    Switch this value to 4, and USB storage devices are disabled.

    Switch this value to 3, and USB storage devices are enabled (this is the value by default).

    This stops the USB storage drivers from loading when the OS boots up. It's a nice little security feature that is easy to distribute across the enterprise as well. Note that this *only* impacts removable storage, no other USB devices. Pretty kewl huh?



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Very kewl Mr Horse

    I didnt think you could do that with out disabling all the usb devices

    Great tip

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Yeah man, when I heard the requirement I was ready to say, "Nope, Windows isn't smart enough to deal with this..." but I researched it anyway. Needless to say I was surprised that MS thought about this and second, I was surprised that such a simple change actually worked.

    Pass it on man. This is my new favorite reg hack, replacing the SYN flood protection reg hack as #1.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Good find. However, without a genital Reg hack, that's not a man you're talking to

    I've toyed with the registry before just because I wanted to see what you could do. I think you were talking to me while I did it and I said I was a changed man fater that and I was. I managed to make AIM allow more than 200 buddies on my buddy list with a simple hack I did, I should boot up my Windows box and see if I can remember where it was that I did it. It was really easy and gave me 300 buddies.

    Maybe we should make a Registry hack thread and put all our little hacks in them for people to search through. I have another one I think for Windows 98 that pops up the CD Key in case yuo lose it somewhere around here.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    LOL.

    I'm writing an article on handy reg hacks that will be published later this month.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    There is another way to do it too, along with your reg hack.

    http://support.microsoft.com/kb/823732

    So, you could allow some while restricting others.

    How does it react to devices like digital cameras, cell phones, mp3 players, or PDAs that have utilities to access the removable media? The user would have to have permission to install the utilitiy, but just curious if it disables those devices too?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Anything that uses the removable media drivers will fail.

    For instance, I have a digital camera that has the ability to appear as a disk drive when mounted. When I set that option, the host would not mount the device.

    I'm going to test my daughter's SanDisk MP3 player this evening. I'll let ya know how it goes.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member
    Join Date
    Mar 2005
    Posts
    400

    Posted last year

    I mentioned this last year and the thread below gives a different twist on this subject:

    http://www.antionline.com/showthread...ht=disable+usb

    It makes USB devices readable but not writeable.
    ZT3000
    Beta tester of "0"s and "1"s"

  9. #9
    Member
    Join Date
    Sep 2005
    Posts
    47
    Originally posted here by thehorse13
    LOL.

    I'm writing an article on handy reg hacks that will be published later this month.

    --TH13
    Wanna leak any teasers?


    BTW, useful hack.

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Nah, but I will tell you that these reg hacks are pretty damn useful. You will be able to find the article on enterpriseITplanet.com under features>security at the end of this month.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides