To prevent users from connecting to USB storage devices, use one or more of the following procedures, as appropriate for your situation.
If a USB storage device is not already installed on the computer
If a USB storage device is not already installed on the computer, assign the user or the group and the local SYSTEM account Deny permissions to the following files:
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf
When you do this, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:
1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
2. Right-click the Usbstor.pnf file, and then click Properties.
3. Click the Security tab.
4. In the Group or user names list, add the user or group that you want to set Deny permissions for.
5. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
Note: Also add the System account to the Deny list.
6. In the Group or user names list, select the SYSTEM account.
7. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
8. Right-click the Usbstor.inf file, and then click Properties.
9. Click the Security tab.
10. In the Group or user names list, add the user or group that you want to set Deny permissions for.
11. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
12. In the Group or user names list, select the SYSTEM account.
13. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
If a USB storage device is already installed on the computer
If a USB storage device is already installed on the computer, you can change the registry to make sure that the device does not work when the user connects to the computer. Click here to know how to do.
If a USB storage device is not already installed on the computer
If a USB storage device is not already installed on the computer, assign the user or the group and the local SYSTEM account Deny permissions to the following files:
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf
When you do this, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:
1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
2. Right-click the Usbstor.pnf file, and then click Properties.
3. Click the Security tab.
4. In the Group or user names list, add the user or group that you want to set Deny permissions for.
5. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
Note: Also add the System account to the Deny list.
6. In the Group or user names list, select the SYSTEM account.
7. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
8. Right-click the Usbstor.inf file, and then click Properties.
9. Click the Security tab.
10. In the Group or user names list, add the user or group that you want to set Deny permissions for.
11. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
12. In the Group or user names list, select the SYSTEM account.
13. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
If a USB storage device is already installed on the computer
If a USB storage device is already installed on the computer, you can change the registry to make sure that the device does not work when the user connects to the computer. Click here to know how to do.
No comments:
Post a Comment