Announcement

Collapse
No announcement yet.

VBS Script for USB Disable

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • VBS Script for USB Disable

    Ok, so I have this script - but something isn't quite working right...hoping for some pointers. The users that are added to respective groups aren't getting access to USB - when they plug it in - you hear the sound - that a new device has been plugged in, but it does not work. However, if a user account that has administrative rights on the computer goes to device manager, uninstalls and reinstalls the driver for the usb device, it will work...but a normal user who is just in the USB Enable group cannot do that.

    '
    Code:
     usbDisable.vbs
    ' VBScript to disable USB Storage devices
    ' to all users except those in a specific
    ' security group.
    
    
    '  Declare objects and varialbles
    Dim objShell, objSysInfo, objUser
    Dim strWord, strEnable, strDisble, strKey, strGroupPath, strGroupName, strTargetGroup
    
    On Error Resume Next
    
    '  Create the objects
    Set objSysInfo = CreateObject("ADSystemInfo")
    Set objShell = CreateObject("WScript.Shell")
    
    '  replaced real name w/ "group" for this forum
    '  Specify Security Group(s) to search for
    strTargetGroup1 = "group"
    strTargetGroup2 = "group"
    strTargetGroup3 = "group"
    strTargetGroup4 = "group"
    strTargetGroup5 = "group"
    strTargetGroup6 = "group"
    strTargetGroup7 = "group"
    strTargetGroup8 = "group"
    strTargetGroup9 = "group"
    strTargetGroup10 = "group"
    strTargetGroup11 = "group"
    strTargetGroup12 = "group"
    strTargetGroup13 = "group"
    strTargetGroup14 = "group"
    strTargetGroup15 = "group"
    strTargetGroup16 = "group"
    strTargetGroup17 = "group"
    strTargetGroup18 = "group"
    
    
    '  Set the default string values.
    strWord = "Start"
    strEnable = "00000003"
    strDisable = "00000004"
    strKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\"
    
    
    '  Write the default value to the registry.
    objShell.RegWrite strKey & strWord, strDisable, "REG_DWORD"
    
    
    '  Search AD info for group membership and set registry key if found.
    strUserPath = "LDAP://" & objSysInfo.UserName
    Set objUser = GetObject(strUserPath)
    
    For Each strGroup in objUser.MemberOf
        strGroupPath = "LDAP://" & strGroup
        Set objGroup = GetObject(strGroupPath)
        strGroupName = objGroup.CN
    
        Select Case strGroupName
            Case strTargetGroup1
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup2
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup3
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup4
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup5
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup6
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup7
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup8
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup9
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup10
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup11
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup12
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup13
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
            Case strTargetGroup14
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
    	Case strTargetGroup15
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
    	Case strTargetGroup16
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
    	Case strTargetGroup17
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
    	Case strTargetGroup18
    	    objShell.RegWrite strKey & strWord, strEnable, "REG_DWORD"
    
    
        End Select
    
    Next
    
    '  End of script.
    WScript.Quit
    Editted By Dumber: Wrapped Code tags arround the script.
    Last edited by Dumber; 16th August 2007, 20:15.

  • #2
    Re: VBS Script for USB Disable

    Make sure that you have changed the permissions on that registrykey to allow authenticated Users Full Control.

    You can do that by GPO; Computer Configuration/Windows Settings/Security Settings/Registry (after setting the permissions, the clients probably have to re-boot twice first)


    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment

    Working...
    X