4/28/2007

How to disable USB ports in your company computers ??

Are you the admin of some university or a company ?? Im sure you might be worried about data theft from the computers in your network or security problems, through external devices like flash drives.Most of these external devices get attached to the computers through USB ports.So how to disable USB ports on your computers ??

Traditional administrator way : Go to BIOS settings [Press Del when you see BIOS logo ] and disable your USB device from there.After that set a password to your BIOS [Users can reset BIOS password by removing the motherboard battery ]

Stupid way : Just buy a tape and seal the USB ports. [ In my college even CD drives are sealed this way ] . Being a administrator , you need to give the users a geeky look.So don't do it this way.

The above approaches are good but they both prevent other devices like printer and scanner from getting connected to your PC through USB.So, if you put some option like your users can just read data to USB ports and can't write any data,then it will be a bit useful.Some genuine users who want to bring some work related things from home can use it [ But this can't stop viruses,Using a anti virus solution is always recommended .]

Optimistic way : This works only for Win XP sp2 users.You just need to do a little bit change to your registry.Go to your registry editor by typing "Regedit" in your run and hit enter.Now navigate as shown below.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\StorageDevicePolicies

Now add a new DWORD called WriteProtect and put the value as "0" to disable write in your USB ports. For inversion, delete the WriteProtect REG_DWORD or toggle the value to 1 which will enable write in the port.

Final way : Aaah ! your users are not showing loyalty by still posing problems to you coming with flash drives that have viruses and injecting them into your network.Do you really want to disable users from connecting USB storage devices to their computers ??Here is the way :

Go to registry editor again and navigate as shown below.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\UsbStor

Now in the right side pane, double click Start and type 4 in the Value data box (Hexadecimal) and quit the registry editor. To enable the USB storage devices again , change the Start value back to 3.

But remember,If one makes something,there will be two waiting to break it.

If you like the post , subscribe to the blog.

3 comments:

In our company we have a bit of a different point of view to usb security. We've tried several registry tweaks, hardware lockers and special usb lockdown software. Each of these has its own pros and cons. But finally we started to use our desktop management tool desktop authority for these purposes. This tool does the job quite well, allowing us to block usb devices in a very granular way. After upgrading to the new version 7.7 of this solution, we were really pleased the new ability of blocking usb devices by their serial numbers. I hope this will be useful for everybody.

How does this work if company owns 200+ PCs? Does IT implement these steps on each individual PC or do they run some kind of VBS files?

Hogan scarpe are suitable for trail running. Americans have been adventurous all along is only endorsed by shoes that aim to safeguard lives of trail runners if Hogan scarpe uomo are anything to go by. Hogan scarpe donna is in the forefront of innovative technologies that eliminate fear element from trail runners' minds that otherwise are constantly haunted by the rough mountainous terrains, the forest route hogan donna run through without being able to concentrate on competition.

Post a Comment