Saturday, May 18, 2013

Deny USB storage access to your PC


Pen drives or otherwise known as flash drive, usb disk, thumb drive, usb stick is very popular among computer users due to its portability and ease of use.

Unfortunately, usb sticks and similar storage devices pose a great security risk either from unauthorized copying of confidential files and information or from malware / virus exposure on infected storage devices.

Here I will teach you how to Deny the use of usb storage devices on your computer.


Its going to be divided into two categories.

- Usb storage devices already used/installed in your computer (known)
- Usb storage devices that are not yet used/installed (unknown)


For known devices (already used / installed) you can block this by changing some values in your registry.

*Please be very careful in altering your registry, make a backup first before making any changes!*


STEPS :

1.) Go to Start > Run , type “regedit” and press enter to open the registry editor

2.) Navigate to the following key

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesUSBSTOR




In the right pane, select Start and change the value to 4. (The value 4 will disable USB Storage). Then Click OK.

***To enable, just change the value back to 3

----------------------------------------------------------------------------------------------------------------------------------

For unknown devices (not yet used/installed) we are going to make changes on group policies.


1.) Type %windir%inf in the RUN dialog box and press Enter to open the "inf" folder.

2.) Now look for following 2 files:

usbstor.inf
usbstor.pnf


3.) Then you have to change their user permission settings.


Right-click on the file and select "Properties". Go to "Security" tab and select the desired user or group in "Group or user names" list which you want to restrict from using USB drives then click "Edit". In "Permissions for Users" list, click "Deny" checkbox next to "Full control" option and then click on OK.