How can I prevent users from using USB removable disks (USB flash drives)?
I have seen this question several times at different message boards, so I’ve decided to write an article about it. Removable USB devices, specifically storage disks (also known as flash drives or “Disk on Key” and other variations) are quickly becoming an integral part of our electronic life, and now nearly everybody owns one device or another, in forms of small disks, external hard drives that come enclosed in cases, card readers, cameras, mobile phones, portable media players and more.
Portable USB flash drives are indeed very handy, but they can also be used to upload malicious code to your computer (either deliberately or by accident), or to copy confidential information from your computer and take it away. Whenever a new USB device is plugged-in to a USB port, the operating system checks the device and hardware id to determine if it’s a storage device or not. If it determines that it is indeed a mass storage device it will load the appropriate driver, and will display the device as a drive in the Windows Explorer tree view. This is done by using the usbstor.sys driver. If the device does not have a drive letter, you will need to assign one to it by using the Disk Management snap-in found in the Computer Management tool. If you disable the ability of the usbstor.sys driver to run on the computer, you will in fact block the computer’s means of discovering the flash drive and loading the appropriate driver. This does not disable usb devices that aren’t for storage.
Note that this will only prevent usage of newly plugged-in USB Removable Drives or flash drives, devices that were plugged-in while this option was not configured will continue to function normally. Also, devices that use the same device or hardware ID (for example – 2 identical flash drives made by the same manufacturer) will still function if one of them was plugged-in prior to the configuration of this setting. In order to successfully block them you will need to make sure no USB Removable Drive is plugged-in while you set this option. Note: This tip will allow you to block usage of USB removable disks, but will continue to allow usage of USB mice, keyboards or any other USB-based device that is NOT a portable disk. So you can disable portable USB Disks and not disable usb devices that perform other tasks. You should also read Disable USB Disks with GPO and Disable Writing to USB Disks with GPO. It’s worth mentioning that in Windows Vista Microsoft has implemented a much more sophisticated method of controlling USB disks via GPO. If you have Windows Vista client computers in your organization you can use GPO settings edited from one of the Vista machines to control if users will be able to install and use USB disks, plus the ability to control exactly what device can or cannot be used on their machines.
Disable USB Disks
To block your computer’s ability to use USB Removable Disks follow these steps:
- Open Registry Editor.
- In Registry Editor, navigate to the following registry key:
- Locate the following value (DWORD):
Start and give it a value of 4. Note: As always, before making changes to your registry you should always make sure you have a valid backup. In cases where you’re supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.
- Close Registry Editor. You do not need to reboot the computer for changes to apply.
Enable usage of USB Removable Disks
To return to the default configuration and enable your computer’s ability to use USB Removable Disks follow these steps:
- Go to the registry path found above.
- Locate the following value:
Start and give it a value of 3. You can download a .REG file that configure this setting right HERE (1kb).