Case 1: If a USB storage device is already installed on the computer.
If a USB storage device is already installed on the computer, you can change the registry to make sure that the device does not work when the user connects to the computer. Important This task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article How to back up and restore the registry in Windows.
Follow these steps to set the Start value in the following registry key to 4 to prevent USB access:
1. Click Start, and then click Run. In the Open box, type regedit, and then click OK.
2. Locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
3. In the details pane, double-click Start.
4. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
5. Exit Registry Editor.
Case 2 : If a USB storage device is not already installed on the computer
If a USB storage device is not already installed on the computer, assign the user or the group and the local SYSTEM account Deny permissions to the following files:
%SystemRoot%\Inf\Usbstor.pnf and %SystemRoot%\Inf\Usbstor.inf
Follow these steps:
1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
2. Right-click the Usbstor.pnf file, and then click Properties.
3. Click the Security tab.
4. In the Group or user names list, add the user or group that you want to set Deny permissions for.
5. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
Also add the System account to the Deny list.
6. In the Group or user names list, select the SYSTEM account.
7. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
8. Right-click the Usbstor.inf file, and then click Properties.
9. Click the Security tab.
10.In the Group or user names list, add the user or group that you want to set Deny permissions for.
11.In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
12.In the Group or user names list, select the SYSTEM account.
13.In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
Note : We need to follow the same above steps to allow USB access ... All the best
No comments:
Post a Comment