Block+Unauthorized+USB+Devices

Block Unauthorized USB Devices

Note: This tip may not apply to all versions of Windows.

In terms of computer security and privacy, USB devices are usually the weakest point. Even the strongest firewall or security software can be bypassed just by plugging in a USB drive.

With the growing amount of data a single USB flash drive can hold (up to 128 GB) and the increase to data transfer speed (with USB 3.0) you can imagine how easy it is to copy data to such a device. Using the newest generation of USB devices, data thieves can copy your entire hard drive in minutes.

Besides data theft and privacy issues, USB devices are now the main method of propagation for computer viruses and spyware. Inserting an unknown USB device into a computer can be dangerous. As most of the worms transmitted this way are new, they could go undetected even by the best security suites.

So, how can we protect our privacy and data from such a security risk? By giving access to the computer to only those USB devices that we trust.

This is easily done by modifying NTFS permissions on a few Windows system files to allow only specific users the right to install USB devices on that computer.

Note: - To follow the steps below in Windows Vista and 7, you need to be logged in with an administrator account or have administrator rights for the computer. Windows XP users, see the notes throughout the article for similar steps.

The files we need to modify are located in the Windows\inf folder on your primary partition (usually C :).

To make it easier to navigate to the folder and make sure you can find it regardless of how your partitions are set up. However, there is a shortcut:-

Go to the Start Menu and type the command Without the Quotes “%windir%\inf “into the search field. Enter

Note: In Windows XP, go to the Start Menu and click on Run, then type in the command again without the quotes “%windir%\inf “ Enter.

This will open an Explorer window directly to the inf folder. Scroll down the list of files and folders until you reach the files usbstor and usbstor.PNF (They should be next to each other).

To modify the NTFS permissions for these files, right-click on each file and select Properties (The last item on the menu).

In the Properties window go to the Security > Edit A new window containing NTFS permissions for the file will open.

Note: In Windows XP, if you do not see the Security tab, go back to the inf folder window Select Tools > Folder Options. Go to:- View tab and uncheck the “Use simple file sharing box “ (The last one under Advanced settings). After you click OK to apply, you should see the Security tab.

Warning! Do not deny permissions to the SYSTEM group. In addition, you must allow access to these files to at least one group of users. If you check Deny on all users, you will not be able to install new USB devices on that computer (That is until you reinstall Windows).

Here you can see a list of all the user groups active on your computer. Select the user or user group you want to block from installing USB devices and check the “Deny box next to Full control “ (Under Permissions for users). OK

If you receive a Windows Security warning, click Yes twice to apply the settings. Also, remember that you need to go through these steps and change permissions on both files.

To reverse these settings and allow the blocked users to install USB devices, log in with your administrator account Note:- (One that still has access to the files), follow the steps above and uncheck all the “Deny boxes for that user”. 