Selective connection of USB flash drives in Windows XP
By the nature of my activity (system administration), I have to constantly solve various interesting tasks for managing computers and networks.
Here is one of them.
Given:
Required:
Provide connection only one, approved by the heads of USB-flash drives , prohibiting the connection of others, unapproved (smile).
')
Solution:
How to disable USB flash drives altogether , found quickly - kb823732 article on support.microsoft.com "How to disable the use of USB storage devices"
In our case, this method is not suitable, because one flash drive should still work.
More Microsoft did not help anything.
Yandex and Googol sent me to buy all sorts of great programs that effortlessly cope with such problems.
I rejected this option right away - it’s unsportsmanlike, to use the program when the solution should be standard means.
And it was found.
No longer hoping for anything, I went to the Roux-Bord forum .
And I found there only one post with the necessary information.
Read, comprehend and proceed to action.
So, in steps (of course, you need to have local administrator rights):
What have we achieved in the end?
Allowed flash drive connects and disconnects without problems. If an unauthorized connection is attempted, Windows will detect the device, but it will not be able to install it, cursing as follows:
Moreover, a new key will be created in USBSTOR, which will unequivocally indicate an attempt to connect an unapproved USB drive.
Here is one of them.
Given:
- Computer production operators (Windows XP SP2)
- The boss approved USB flash drive for transferring data from industrial computers to computer operators
Required:
Provide connection only one, approved by the heads of USB-flash drives , prohibiting the connection of others, unapproved (smile).
')
Solution:
How to disable USB flash drives altogether , found quickly - kb823732 article on support.microsoft.com "How to disable the use of USB storage devices"
In our case, this method is not suitable, because one flash drive should still work.
More Microsoft did not help anything.
Yandex and Googol sent me to buy all sorts of great programs that effortlessly cope with such problems.
I rejected this option right away - it’s unsportsmanlike, to use the program when the solution should be standard means.
And it was found.
No longer hoping for anything, I went to the Roux-Bord forum .
And I found there only one post with the necessary information.
Read, comprehend and proceed to action.
So, in steps (of course, you need to have local administrator rights):
- Win + R (similar to Start -> Run), regedit.
- [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ USBSTOR]. This key stores information about all USB drives ever connected.
- We give ourselves full access to USBSTOR (right mouse button -> Permissions, check the Full access item in the ALL group).
- Delete all contents of USBSTOR.
- We connect the approved flash card, we are convinced that it was defined. A Disk & Ven_JetFlash & Prod_TS4GJF185 & Rev_8.07 type key (F5 for updating the list) should appear inside USBSTOR.
- Again RMB on USBSTOR, Permissions. We remove Full access from the ALL group, we reserve the right to read.
- The same rights must be assigned to the user SYSTEM, but this will not work directly. First you need to click the Advanced button, remove the Inherit from parent object checkbox ..., in the Security window that appears, say Copy. After clicking OK again, the SYSTEM user rights will be available for editing.
- To fix the effect, click the Advanced button again and check the item Replace permissions for all child objects ... We confirm the execution.
What have we achieved in the end?
Allowed flash drive connects and disconnects without problems. If an unauthorized connection is attempted, Windows will detect the device, but it will not be able to install it, cursing as follows:
Moreover, a new key will be created in USBSTOR, which will unequivocally indicate an attempt to connect an unapproved USB drive.
Source: https://habr.com/ru/post/52553/
All Articles