Disabling Drives

Printable View

January 13th, 2004, 07:24 PM
AngelicKnight

Disabling Drives

I am in need of disabling the floppy and CD drives of individual computers where I work. The employees don't need those drives, and we need to disable them to prevent them from being used. Other than just outright removing the drives, how do you disable them in Windows so that users cannot use them?
January 13th, 2004, 08:01 PM
DeadAddict

There is one thing that you can try doing but any person who knows the windows O.S very well can get around this if you are running windows xp go into the control panel and double click on the system icon the click on the hardware tab and browse to the floppy and cdrom drive you want to disable then right click on it and then select disable that will prevent the drive from working and showing up.
January 13th, 2004, 09:47 PM
MemorY

you can also go to right click my computer and click Manage and then click "Device Manager" and disable or uninstall any hardware there. You also can restrict access to the Device Manager so that limited users can't access it. I dont know how though i wasn't on an network administrator account that much to try it out.
January 13th, 2004, 10:21 PM
groovicus

Quote:

Disable the ability to boot from a floppy or CD ROM on physically unsecured systems.
There are a number of 3rd party utilities that pose a security risk if used via a boot disk (including resetting the local administrator password.) If your security needs are more extreme, consider removing the floppy and CD drives entirely. As an alternative, store the CPU in a locked external case that still provides adequate ventilation. You can also restrict access to the floppy and CD-ROM drives in Windows XP Professional via the Local Computer Policy in the MMC (Click Start > Run > type GPEDIT.MSC > Go to Computer Configuration > Windows Settings > Security Settings > Local Policy > Security Options )
Disable AutoRun for the CD-ROM
One of the easiest ways for a hacker with physical access to a company's PC's to distribute malicious code is via the CD-ROM. By creating a custom CD with a payload set to launch from the autorun feature in any machine, a hacker can affect any number of unlocked systems without ever leaving a fingerprint or touching a keyboard. Or he/she can simply leave a few of these lying around the office marked "MP3's", or "Payroll Data" and wait for an unsuspecting user to simply pick it up and insert it into their machine. You can disable this function in Windows XP Professional by clicking Start > Run > and type GPEDIT.MSC Then go to Computer Configuration > Administrative Templates > System > Locate the entry for Turn autoplay off

Is this what you are looking for?

Lots of goodies here: http://www.labmice.net/articles/winx...ychecklist.htm

Another good link for future reference: http://www.microsoft.com/technet/tre..._scewhatis.asp
January 13th, 2004, 11:31 PM
Zonewalker

umm... why not just lock the drives with a physical lock... much better than any software you can find... users cannot get around this unless they have a key which of course will be kept by the IT manager

look here

http://www.securitykit.com/drive_locks.htm

Z

PS loads more shops which sell this kind of stuff but the above will give you an idea what to look for
January 19th, 2004, 01:51 PM
decyberworld

Quote:

Originally posted here by groovicus
Is this what you are looking for?

Lots of goodies here: http://www.labmice.net/articles/winx...ychecklist.htm

Another good link for future reference: http://www.microsoft.com/technet/tre..._scewhatis.asp

to make sure they dont go to the device manger, reduce their rights when creating an account for them