
Many people have wondered how to connect removable media in write-protected (read-only) mode. This may be needed:
- to prevent leakage of information from the company through flash drives or USB drives
- to examine a flash drive or hard drive connected over USB when modifying its data is undesirable, including changing the last-access time of files (on NTFS)
Where there is a hardware switch there is no problem, and on Unix systems it is also simple: you add the -o ro or -r option and the disks are mounted in the desired (read-only) mode. In the Windows family, partitions are connected in write mode and automatically, and the system, without any authorization from the user, starts writing service information to the partition, thereby violating data integrity (which is critical when performing technical examination of storage media).
On Windows, mounting of removable storage media is controlled by the WriteProtect [dword] value in the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies:
- 1 - write protection mode (read-only)
- 0 - write mode
Detection and automatic connection of USB drives is controlled by the Start [dword] value in the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR:
- 4 - USB storage devices blocked
- 3 - standard mode (no blocking)
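The same two values, read back and set from PowerShell (an added example, not from the original post or the USBWriteProtect program; the function names are mine, and it assumes an elevated PowerShell on a Windows host where the StorageDevicePolicies key may not yet exist):

```powershell
# Added example (not from the original post). Run from an elevated PowerShell.
$PolicyKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStoragePolicy {
    # WriteProtect: 1 = read-only, 0 = read-write. If the key or value is
    # missing (the default on a fresh install) removable media are writable.
    $wp = (Get-ItemProperty -Path $PolicyKey -Name WriteProtect -ErrorAction SilentlyContinue).WriteProtect
    # USBSTOR Start: 4 = driver disabled (USB storage blocked), 3 = standard
    $st = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        WriteProtect = if ($null -eq $wp) { 0 } else { [int]$wp }
        UsbStorStart = if ($null -eq $st) { 3 } else { [int]$st }
        ReadOnly     = ($wp -eq 1)
        UsbBlocked   = ($st -eq 4)
    }
}

function Set-UsbStoragePolicy {
    param(
        [Parameter(Mandatory)] [ValidateSet('ReadOnly', 'ReadWrite')] [string]$Mode,
        [switch]$BlockUsbStorage   # also set USBSTOR Start = 4 (otherwise 3)
    )
    # StorageDevicePolicies is not present by default; create it on first use
    # so that the WriteProtect value can be written at all.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    $wp = if ($Mode -eq 'ReadOnly') { 1 } else { 0 }
    New-ItemProperty -Path $PolicyKey -Name WriteProtect -Value $wp -PropertyType DWord -Force | Out-Null
    $st = if ($BlockUsbStorage) { 4 } else { 3 }
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value $st -Type DWord
    # Both values apply to drives connected after the change; re-read to confirm.
    Get-UsbStoragePolicy
}

# Usage: switch removable media to read-only and show the resulting state.
Set-UsbStoragePolicy -Mode ReadOnly
```

Get-UsbStoragePolicy alone is a safe way to audit a machine: it only reads the two values and reports ReadOnly / UsbBlocked as booleans.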
Companies choose which security policies to apply: some fight against bringing third-party programs in (games and the like), some against taking anything out (especially protected information). Sometimes all USB devices are mindlessly prohibited outright, and users who need to exchange work data (when there is no shared LAN) have to be quite resourceful to stay within the policies (burn the data to a CD, pass it through the network administrator, who is allowed to read flash drives, etc.). In my opinion, if the main goal is that data does not leak, enable read-only mode for flash drives (for certain groups of users).
There are several products that let you control the modes of working with USB drives:
All of them handle their functions excellently and can be managed centrally through AD. The main drawback is that they are somewhat expensive. A weaker alternative can be a script in Group Policy:
Read-only mode for removable media:
SET WSHShell = CreateObject("WScript.Shell")
' WriteProtect = 1 switches removable storage to read-only
WSHShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect", 1, "REG_DWORD"
or, to block USB storage devices entirely:
SET WSHShell = CreateObject("WScript.Shell")
' Start = 4 disables the USBSTOR driver
WSHShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start", 4, "REG_DWORD"
UPD. USB storage can also be disabled by the following method (thanks to damnet for the method; it works only if no USB storage device has yet been installed on the computer):
1. Assign Deny permissions for a user or group on the following files:
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf
To do this, on the file's Security tab, check the box next to Full Control - Deny and click Apply.
2. Assign the same Deny permissions on these files to the SYSTEM account.
For convenient switching between USB storage access modes I have put together a small program, USBWriteProtect. Anyone who needs it is welcome to use it. Download here:
place.ifolder.ru/15535906
In the future I plan to extend the program's functionality, but it will not be soon.
UPD. The program requires the Microsoft Visual C++ 2005 Redistributable Package.
To make sure that Windows really does not manage to write anything to the USB drive, I tested the program as follows:
1. Compute the checksum of a USB disk with an NTFS partition:
md5sum /dev/sdb
215820fe569e57201c9b02b1fb37a272
2. Connect it to a Windows XP computer with flash drives in read-only mode.
3. Browse the files and directories on the flash drive, work with other applications.
4. Disconnect the disk and check the checksum:
md5sum /dev/sdb
215820fe569e57201c9b02b1fb37a272
5. Hooray! We are happy, read-only mode works.
6. Connect it to the Windows XP computer in the standard (read-write) mode of working with flash drives.
7. Almost immediately disconnect the disk and check the checksum:
md5sum /dev/sdb
db9c636c35b352dbf024a73cd195c84f
8. And Windows did manage to modify the data for us )))