Restrict Removable Storage somewhat not running

  • Restrict Removable Storage somewhat not running

    I am applying the custom USB Storage policy across my domain, but found out that the computer still detects the USB removable storage (thumb drive, USB portable storage, etc.).

    I found out from regedit that, besides the DWORD value of Start under USBSTOR in CurrentControlSet, which indeed changed to 4, there are other sets, ControlSet001 ~ 004, whose DWORD value remains at 3. Is this the reason why the computers still detect removable storage? If so, how can I turn all of them off with only one adm file? Can I add those (more than one KEYNAME) in the code below? And why do some computers have ControlSet001 & 003, some have ControlSet001, 003, 004, and some have ControlSet001, 002, 003, & 004? What do these ControlSets mean?

    CLASS MACHINE
    CATEGORY !!category
    CATEGORY !!categoryname
    POLICY !!policynameusb
    KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
    EXPLAIN !!explaintextusb
    PART !!labeltextusb DROPDOWNLIST REQUIRED

    VALUENAME "Start"
    ITEMLIST
    NAME !!Disabled VALUE NUMERIC 3 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
    END ITEMLIST
    END PART
    END POLICY
    END CATEGORY
    END CATEGORY

    [strings]
    category="Custom Policy Settings"
    categoryname="Restrict Drives"
    policynameusb="Disable USB Removable Drives"
    explaintextusb="Disables the USB Removable Drives capability by disabling the usbstor.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the usbstor.sys driver status in the drop-down list. \n\nNote that this will only prevent usage of newly plugged-in USB Removable Drives or Flash Drives, devices that were plugged-in while this option was not configured will continue to function normally. Also, devices that use the same device or hardware ID (for example - 2 identical Flash Disks made by the same manufacturer) will still function if one of them was plugged-in prior to the configuration of this setting. In order to successfully block them you will need to make sure no USB Removable Drive is plugged-in while you set this option. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the usbstor.sys driver status in the drop-down list."
    labeltextusb="usbstor.sys driver status"
    Enabled="Stopped"
    Disabled="Started"
    Last edited by ususim; 16th October 2009, 09:58.
    Mind is like a parachute, it only works when it's open!
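
An added example, not part of the original post: a read-only PowerShell audit of the USBSTOR `Start` value in every control set on the local machine. It relies on the standard SYSTEM hive layout, in which `CurrentControlSet` is a link to the numbered set named by `HKLM\SYSTEM\Select\Current`; the variable names are this example's own, and it assumes an elevated local PowerShell session.

```powershell
# Read-only audit: nothing in the registry is modified.
$system = 'HKLM:\SYSTEM'

# HKLM\SYSTEM\Select records which numbered control set plays which role.
# A value of 0 (typical for Failed) means no set has that role.
$select = Get-ItemProperty -Path "$system\Select"
$roles  = @{}
foreach ($name in 'Current', 'Default', 'Failed', 'LastKnownGood') {
    $n = $select.$name
    if ($null -ne $n -and $n -ne 0) {
        $key = 'ControlSet{0:D3}' -f $n
        if (-not $roles.ContainsKey($key)) { $roles[$key] = @() }
        $roles[$key] += $name
    }
}

# Service start types as stored in the Start DWORD.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = Get-ChildItem -Path $system |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object {
        $set   = $_.PSChildName
        $svc   = "$system\$set\Services\USBSTOR"
        $start = (Get-ItemProperty -Path $svc -Name Start -ErrorAction SilentlyContinue).Start
        [pscustomobject]@{
            ControlSet = $set
            Roles      = ($roles[$set] -join ', ')
            Start      = $start
            Meaning    = $(if ($null -eq $start) { 'USBSTOR key or Start value missing' }
                           else { $startNames[[int]$start] })
        }
    }

$report | Format-Table -AutoSize

# Point out sets whose USBSTOR start type differs from the set in use right now.
$current = $report | Where-Object { $_.Roles -match '\bCurrent\b' }
$report |
    Where-Object { $_.Start -ne $current.Start } |
    ForEach-Object {
        Write-Warning ("{0} has Start={1}, current set has Start={2}" -f `
            $_.ControlSet, $_.Start, $current.Start)
    }
```

The `Roles` column shows which numbered set `CurrentControlSet` resolves to and which sets are kept as the default and last-known-good copies, so the value the policy wrote can be compared against the set the machine is actually running from.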