Home » , , » HOW-TO: Disable USB Storage Devices

HOW-TO: Disable USB Storage Devices

IT infrastructure engineers install firewalls to protect the intra-net from outside. Mail filters on SMTP servers are there to protect users from SPAM. Anti-virus software are deployed to further boost protection on the workstation itself. Regardless of whatever software or hardware is put in place, it serves to beef up security.

One of the many open portals or backdoors that may compromise the infrastructure as a whole is the USB port. Why?.. because USB portable storage devices are probably the next best thing since sliced bread in the storage world -- portable, handly, concealable, you name it. As many as its advantages are its disadvantages. To secure the infrastructure, the access to the USB port needs to be restricted. But how?

A year ago 1GB seemed to be a lot, but 2GB is even frowned upon now. This topic is a bit old.. But still the threat is out there in the open. And the issue is still a hot topic for debate. There is a lengthy instruction on how this can be done but there is no concrete solution that permanently works. Even microsoft has published a lengthy procedure that outlines how this is done.

The procedure outlined in the microsoft KB article, suggests the denial of permissions on the two files responsible for the installation of drivers and services for USB storage functionality.
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf

The deny permission is important especially if the users are non-administrators. The mentioned files could also be renamed, but it needs to be noted so that the procedure can be reversed if need be.

Aside from the above, the registry needs to be checked for this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

The value for the data key "Start" should be set to 4 (or Disabled) from 3 (or Automatic). The value determines whether the driver is loaded or not when Windows starts. A reboot will be required after the changes.

But for a person who wants a click and go solution, one may want to try another utility to achieve the same purpose. You may download the utility from the author's website.



The click and go solution can also quickly reverse the procedure to enable USB storage devices. The only thing it cannot do is work around the required reboot.

Tighter security always sacrifices functionality. As usual, the goal is to strike a balance between the two. But when it comes to the balance and trade-offs, it is always a grey area.
Share:

Subscribe for Latest Update

Popular Posts

Post Labels

100gb (1) acceleration (1) acrobat (1) adblock (1) advanced (1) ahci (1) airdrop (2) aix (14) angry birds (1) article (21) aster (1) audiodg.exe (1) automatic (2) autorun.inf (1) bartpe (1) battery (2) bigboss (1) binance (1) biometrics (1) bitcoin (3) blackberry (1) book (1) boot-repair (2) calendar (1) ccleaner (3) chrome (5) cloud (1) cluster (1) compatibility (3) CPAN (1) crypto (3) cydia (1) data (3) ddos (1) disable (1) discount (1) DLNA (1) dmidecode (1) dns (7) dracut (1) driver (1) error (10) esxi5 (2) excel (1) facebook (1) faq (36) faucet (1) firefox (17) firewall (2) flash (5) free (3) fun (1) gadgets (4) games (1) garmin (5) gmail (3) google (4) google+ (2) gps (5) grub (2) guide (1) hardware (6) how (1) how-to (45) huawei (1) icloud (1) info (4) iphone (7) IPMP (2) IPV6 (1) iscsi (1) jailbreak (1) java (3) kodi (1) linux (28) locate (1) lshw (1) luci (1) mafia wars (1) malware (1) mapsource (1) memory (2) mikrotik (5) missing (1) mods (10) mouse (1) multipath (1) multitasking (1) NAT (1) netapp (1) nouveau (1) nvidia (1) osmc (1) outlook (2) p2v (2) patch (1) performance (19) perl (1) philippines (1) php (1) pimp-my-rig (9) pldthomedsl (1) plugin (1) popcorn hour (10) power shell (1) process (1) proxy (2) pyspark (1) python (13) qos (1) raspberry pi (7) readyboost (2) reboot (2) recall (1) recovery mode (1) registry (2) rename (1) repository (1) rescue mode (1) review (15) right-click (1) RSS (2) s3cmd (1) salary (1) sanity check (1) security (15) sendmail (1) sickgear (3) software (10) solaris (17) squid (3) SSD (3) SSH (9) swap (1) tip (4) tips (42) top list (3) torrent (5) transmission (1) treewalk (2) tunnel (1) tweak (4) tweaks (41) ubuntu (4) udemy (6) unknown device (1) updates (12) upgrade (1) usb (12) utf8 (1) utility (2) V2V (1) virtual machine (4) VirtualBox (1) vmware (14) vsphere (1) wannacry (1) wifi (4) windows (54) winpe (2) xymon (1) yum (1) zombie (1)

Blog Archives

RANDOM POSTS