Disable USB storage except for one storage device

S

sram

[H]ard|Gawd
Joined
Jul 30, 2007
Messages
1,699
Like the title says. Is it possible to have all USB storage devices diabled (ie: if you plug in a flash drive or a USB disk, it just won't work while it would work if a USB mouse is plugged), however, if storage device A is plugged in, it will get detected/identified and work just fine?

OS is windows 7 and XP


I hope I made myself clear.


Thanks in advanced.
 
Arainach said:
Not out of the box, no.
Click to expand...

Of course it is not going to be out of the box. I was asking about third party software or some registry tweaks.

I'm sure there is a way. I actually found a nice little software which will enable you to enable/disable USB storage. But what if I want to have it enable itself if a certain identifiable storage device is hooked up?


Thanks.
 
you could set up USB storage to work like a network drive, and limit access that way, of course you'd need a labled USB data storage device is that is allowed but it would require a password to access the rest. Of course the easier method would be with Pro on XP or Pro/bussiness/ultimate on 7 to lock out removeable storage and require a password to access them.
 
I'm fairly certain that such functionality exists in AD GPOs ( never used it, only read about it ). If I'm right, i'm sure there's a way to do the same thing locally.
 
We disable USB at work, except for printers and mice/keyboard. However, we found that if users had installed the storage drivers BEFORE we made that policy, those devices still worked. So this MAY work, but no guarantee:

First you need to make sure the driver for the particular USB storage device is installed.

Then go to the folder:

WINDOWS\inf

It is hidden so you may have to show hidden folders.

Afterwards, you can right click the following file and edit the security permissions for who can use those ports for storage:

usbstor.inf

On the security tab, add the users or groups that are allowed to use any and all storage devices, such as Domain Admins. Anyone not added cannot use USB storage devices except the ones that have the drivers installed on the machine. At least, that is what happened to us.
 
Eiolon said:
We disable USB at work, except for printers and mice/keyboard. However, we found that if users had installed the storage drivers BEFORE we made that policy, those devices still worked. So this MAY work, but no guarantee:

First you need to make sure the driver for the particular USB storage device is installed.

Then go to the folder:

WINDOWS\inf

It is hidden so you may have to show hidden folders.

Afterwards, you can right click the following file and edit the security permissions for who can use those ports for storage:

usbstor.inf

On the security tab, add the users or groups that are allowed to use any and all storage devices, such as Domain Admins. Anyone not added cannot use USB storage devices except the ones that have the drivers installed on the machine. At least, that is what happened to us.
Click to expand...

Thanks man.
 
You must log in or register to reply here.
Back
Top