I would like to make USB storage devices Read Only. Please help me out .
I have tried the followig registry entries and published the same for the clients for system with Win XP SP2, but still the USB storage is not changed to Read Only.
Can you give us a link to some more information about how to perform this operation in Windows?
I am not sure if you have a problem with the relevance, action, or if there is a weird Windows behavior. Have you been able to set the registry key manually and see it working?
I just wanted to know how to make a USB storage device read only using the task or fixlet available from BigFix. I also tried using “Removal Media: Disable future use of USB storage device” task and changing the value of Usbstor to 00000001 from 00000004 so that it will disable write option, but it also did not work. Please help me to make USB storage device as read only.
I just tested the information from the technote that you sent from Microsoft and it worked for me on my Windows XP SP2 machine.
Make sure that “WriteProtect” is a dword value set to 1 under the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies”. It looks like you might have set a key called “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect”
Informal testing showed me that this key and value don’t do anything unless they already exist when the USB drive is inserted. For your testing, try setting the key manually and then remove and reinsert your USB drive. Once the setting has been created, any future USB drives that are inserted will also be constrained by the setting.
I have attached some sample fixlets to turn the setting on and off.
This is a really exciting find as more than one admin has been fretting about information leakage through USB drives.
These fixlets should be considered untested and you should test them thoroughly before using them in your production environment.
This is probably a good time to note that there are all sorts of wonderful Fixlets/Tasks like this in our “Security Policy Manager” site. You can disable USB devices, wireless devices, CD ROMs, Floppies, and so on. You can also check for weak passwords in Windows, you can run audits of your security settings for Windows, IIS, or SQL Server, you can change your email/browser settings, detect Instant message software, and much more…
Contact your sales representative for more information if you don’t have this site and you are interested in it.
I have not checked this. This query is from one of our customer, they are migrating all Windows XP machines to MS Vista so I just wanted to confirm the same.