All USB type devices

system · January 22, 2010, 1:45am

(imported topic written by SystemAdmin)

Hey all,

Is it possible to create a relevance to check for every kind of USB device attached and not just storage devices? Can someone point me in th right direction?

cheers

system · January 22, 2010, 5:19am

(imported comment written by admccray91)

I recently took a forensics class and one of the things that i thought was interesting is that you can enumerate all of the USB devices ever used on that computer through the Registry, including the serial numbers if those devices. Im sure that there is a way to discover which ones are currently in use. I see if I can find the information when I get back in the office and post it here.

Adrian McCray

system · January 22, 2010, 5:43am

(imported comment written by SystemAdmin)

Thanks Adrian, that would be great!

system · January 24, 2010, 8:53pm

(imported comment written by JackCoates91)

Look in Analyses, BES Inventory and License, for one titled “USB Devices Detection (Windows)”.

system · January 24, 2010, 11:30pm

(imported comment written by SystemAdmin)

Jack, There isn’t a ‘Bes Inventory’ for my install. I’ve got:

BES asset discovery
BES power management
BES support

…but none of them have 'USB Devices Detection" unfortunately. Only got “History of USB connected drives” under security policy manager.

system · January 25, 2010, 1:36am

(imported comment written by JackCoates91)

Ah, that means you don’t have Systems Lifecycle Management – your sales rep can help with that. There’s a lot of useful stuff in it.

Here’s the analysis, note that it’s WMI so it’s relatively slow.

q: if (exists wmi) then (string values whose (it != "Generic volume" AND it != "HID-compliant consumer control device" AND it != "HID-compliant device") of selects (("Caption from Win32_PnPEntity where DeviceID='" & it as string & "'") of preceding texts of lasts "%22" of following texts of lasts "=%22" of (string values whose (it does not contain "USB\\") of selects "Dependent from Win32_USBControllerDevice" of wmi )) of wmi) else ("N/A")
A: Smart card filter driver
A: HID Keyboard Device
A: HID-compliant mouse
A: Bluetooth Device (RFCOMM Protocol TDI)
A: Standard Modem over Bluetooth link
A: Microsoft Bluetooth Enumerator
A: Bluetooth AV Source
A: Bluetooth AV Remote Control Target
A: Bluetooth Headset AG
A: Bluetooth Hands-free Audio
A: Bluetooth L2CAP Interface
A: Bluetooth Remote Control
T: 3514.662 ms

system · January 27, 2010, 1:07am

(imported comment written by SystemAdmin)

Thanks Jack …that relevance is going to be useful. We are looking at SLM in the coming budget year.