Removable Media: Disable Future Use of USB Storage Devices

system · June 17, 2008, 3:27pm

(imported topic written by jpeppers91)

I deployed this action to several machines and the users were still able to use external storage such as thumb drives and etc. Any idea why this didn’t work?

Action…

regset "

HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\RemovableMedia

" “UsbStorCache”=dword:{value “Start” of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor” of registry}

regset "

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

" “Start”=dword:00000004

leewei · June 17, 2008, 4:33pm

(imported comment written by Lee Wei)

Does this Microsoft KB shed any light on your scenario?

It references whether the storage device is already installed.

If so, we use the following to do disable in the Action Script:

dos echo Y|cacls “{pathname of windows folder & “\inf\usbstor.inf”}” /E /D Users Administrators

dos echo Y|cacls “{pathname of windows folder & “\inf\usbstor.pnf”}” /E /D Users Administrators

system · June 17, 2008, 9:17pm

(imported comment written by jpeppers91)

The reg settings doesn’t hold once you plug another device in the usb port. I plugged in a thumb drive and it wasn’t accessible. I plugged in a Ipod, unplugged it and reinserted my thumb drive and it was accessible. Also there isn’t a usbstor.inf or pnf file to be found.

Not sure what is going on here…

jp

system · June 24, 2008, 6:12pm

(imported comment written by jpeppers91)

Anyone?

BenKus · June 25, 2008, 12:52pm

(imported comment written by BenKus)

Hi jpeppers,

Are you referring to the Fixlet on the Security Policy Manager Fixlet site or a custom Fixlet you wrote?

Thanks,

Ben

system · June 25, 2008, 3:18pm

(imported comment written by jpeppers91)

The Security Policy Manager Fixlet

BenKus · June 26, 2008, 10:16am

(imported comment written by BenKus)

This is from one of our Fixlet developers:

“Were the USB already plugged in when the user ran the action? That might explain it. The fixlet prevents future use of USB, but cannot control current use.”

Ben

system · August 6, 2008, 8:45pm

(imported comment written by rkc91)

Disable it using Group Policies

system · May 18, 2009, 11:50pm

(imported comment written by jpeppers91)

Back on this again. There is a fixlet and a task that references disabling USB storage. The task disables future use of usb storage by making registry entries. The fixlet sets permissions on the driver itself. Which of the 2 is more effieicent? Denying permissions on the driver, wouldn’t that prevent future use?

BenKus · May 19, 2009, 12:03pm

(imported comment written by BenKus)

I think the Fixlet only works on WinXP Home, but the Task works on more OSes.

Ben

system · July 13, 2009, 7:02pm

(imported comment written by jefta_vito91)

will the fixlet disable the usb storage right away even if it is currently being used?or does it prevent future use like the task?

thanks…

MirzaUsama · April 21, 2015, 12:55pm

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)