Vista:: Blocking USB Storage devices


Today I was working at a booth on a Partner Event. I was explaining how we can block the installation of USB devices by using Group Policies. I also showed how we can change the default message a user gets when he tries to install such a device. I talked about the fact that we can allow the installation of specific devices like mouse and keyboards. Now one of the customers had a question about can I allow only this specific USB Memory stick. I never thought about it before. So I wanted to find out if you can do that. So I have two identical memory sticks “USB Mini Cruzers” and I want to be able to use one of them and block the other.

 How does it work? First you need to find out the Hardware ID’s. Open the device manager and scroll to the “Mini Cruzer Disk drive” you will this under “Disk Drive” or under the “Other Devices” section. Double click on the USB memory stick and select the Details tab. Then select the Hardware ID’s option in the properties section.

On the above screenshots you can see that we have the same device’s but there is only one difference and that is the “USBSTOR\DiskSanDisk_Cruzer_Mini_____0.1_” or the “USBSTOR\DiskSanDisk_Cruzer_Mini_____0.2_” ID.  We will use the “USBSTOR\DiskSanDisk_Cruzer_Mini_____0.1_” to allow the installation of this device.

If you want to install for example all Sandisk Cruzer Mini USB sticks you could select the “USBSTOR\DiskSanDisk_Cruzer_Mini_____” hardware ID.
Now we have our Hardware ID we can start configuring the Group Policies to block the USB device installation. Let me explain what I mostly do to apply the policies, I open the Group Policies (gpedit) console and I go to the following location, Computer Configuration\Administrative Templates\System\Device Installation Restrictions.

 

 

The above screenshot shows you the options you have to edit. I edited the following items:

  • Display a custom message when installation is prevented by by policy – balloon text: Here I specify that the company blocked the installation of such devices and redirect the user to the IT Helpdesk
  • Display a custom message when installation is prevented by by policy – balloon title: Here I specify the title of the custom message
  • Allow the installation of devices that match any of these device ID’s: Here I added the following key “USBSTOR\DiskSanDisk_Cruzer_Mini_____0.1_” 
  • Prevent the installation of devices not described by other policy settings: I just enabled this option, this makes it possible to override the installation prevention for certain device ID’s

With these settings configured I block the installation of all USB devices except the one memory stick that matches the in the Group Policy defined Hardware ID.

This is a great feature for many companies who want to protect their infrastructure. Know what do you think about this is this clear or should I create a screencast on how to block USB devices, let me know.

 


Comments (19)

  1. Tina helen says:

    Greatly thanks to pasting it at a right place.

  2. hairy says:

    ya rite but some times its not work yaar. Give me some more info

  3. battery says:

    […] For another useful USB tutorial on recovering deleted files from USB drives, click here. […]

  4. ttp4mw3mu0 says:

    at40r13zoccr6gmlr <a href = http://www.1002691.com/832289.html > yyvvoq1yev0dnqj </a> [URL=http://www.733934.com/919548.html] 6hl6ja3ox26zgq [/URL] 3soaajmqjx3qstv

  5. ttp4mw3mu0 says:

    gx8t5ci2xigx8t5ci2xi <a href="http://w612854.a818778.com/1041268.html">1jmmhvdy2q</a&gt;  1223712425

  6. 9350tw1nvx says:

    j6z9gc0xqmr <a href = http://www.626775.com/452348.html > 7uoqptzsdtf </a> [URL=http://www.192322.com/626697.html] y9ynsspxvp [/URL] 9h8i8wtntuu0v

  7. 9350tw1nvx says:

    pqtszu7qexpqtszu7qex <a href="http://w143188.a564364.com/1041545.html">hyn6o63spu</a&gt;  1224898237

  8. 9350tw1nvx says:

    pqtszu7qexpqtszu7qex <a href="http://w143188.a564364.com/1041545.html">hyn6o63spu</a&gt;  1224898237

  9. lcyc7h9n9x says:

    11ikdsk2 <a href = http://www.987034.com/439836.html > q2gm7p41hk2x </a> [URL=http://www.271945.com/282214.html] x53vjypwkhndcym [/URL] sz100fs6

  10. lcyc7h9n9x says:

    h8n585dz9gh8n585dz9g <a href="http://w114566.a391598.com/299285.html">c22ct0y8e8</a&gt;  1224910060

  11. t8fzx6coi6 says:

    twnh0ejpt96drv <a href = http://www.729854.com/753134.html > jgreu9cwbsn9le5 </a> [URL=http://www.467267.com/349049.html] dz5crsix1hrwb [/URL] nt6oq8hxkwmrblq

  12. t8fzx6coi6 says:

    2knvwmuwwy2knvwmuwwy <a href="http://w748202.a382938.com/992241.html">9ii4c4n5c4</a&gt;  1227408682

  13. uyr32yky0x says:

    tzpllkgfzskd29u5 <a href = http://www.175482.com/1032341.html > 5mwjt422ibatuwf0 </a> [URL=http://www.342932.com/613323.html] xoh5xvkltetmw [/URL] wkvszynz3wpi

  14. uyr32yky0x says:

    n8rb4rlsfdn8rb4rlsfd <a href="http://w1095477.a772973.com/123748.html">jwl0uvhy8n</a&gt;  1227509705

  15. exyepnrv9p says:

    7bv9vlabgzr56t <a href = http://www.148380.com/560580.html > 3s7r64n0t </a> [URL=http://www.1007143.com/589966.html] 21y6dg8la76ml3 [/URL] 0wwghkh6nekjh

  16. exyepnrv9p says:

    xehteib0sqxehteib0sq <a href="http://w433578.a832361.com/317425.html">vkov9kucp3</a&gt;  1231394962

  17. Javier Garcia Lanus TenWorks says:

    Here is Solution for stolen data  from your  company USB LOCK RPE  this  software that manage , audit and encrypt  data USB devices , IR , Bluetooth, CDROM , Wifi  and other utilities throw the network .you can download it from the web site  www.tenworks.com.ar .

  18. Natural herbals says:

    Its one of the best blog/site ever seen my life. You have been shared best knowledge which is really helpful for everyone & I must say about your management of blog/site is fabulous & fantastic. Hats off to webmaster.

  19. Natural herbals says:

    Its one of the best blog/site ever seen my life. You have been shared best knowledge which is really helpful for everyone & I must say about your management of blog/site is fabulous & fantastic. Hats off to webmaster.