Disabling USB storage devices in Windows

Disabling USB storage is an important step in preventing data theft from computers.

Follow these instructions to disable USB storage devices.

If a USB storage device is not already installed on the computer

Apply Deny permissions to the following files:
  • %SystemRoot%\Inf\Usbstor.pnf
  • %SystemRoot%\Inf\Usbstor.inf
  • %SystemRoot%\system32\drivers\usbstor.sys
If you deny permissions to the above files, users will not be able to install a USB storage device on the computer.

To assign a user or group Deny permissions to the Usbstor.pnf, Usbstor.inf and Usbstor.sys files, follow these steps:
  • Click Start -> Run and type %SystemRoot%\Inf.
  • Find Usbstor.pnf. Right-click the Usbstor.pnf file, and then click Properties.
  • Click the Security tab.
  • In the Group or user names list, click the user or group that you want to set Deny permissions for.
  • In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.

    Note: Also add the System account to the Deny list.
  • Right-click the Usbstor.inf file, and then click Properties.
  • Click the Security tab.
  • In the Group or user names list, click the user or group that you want to set Deny permissions for.
  • In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.

  • Click Start -> Run and type %SystemRoot%\system32\drivers.
  • Find Usbstor.sys. Right-click the Usbstor.sys file, and then click Properties.
  • Click the Security tab.
  • In the Group or user names list, click the user or group that you want to set Deny permissions for.
  • In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
The above steps will prevent users from installing a USB storage device.

If a USB storage device is already installed, follow these steps:

  • Click Start, and then click Run.
  • In the Open box, type regedit, and then click OK.
  • Locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
  • In the details pane, double-click Start.
  • In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
  • Exit Registry Editor.
  • The USB storage device will be disabled.

Connect a USB flash drive (pen drive) and check that it is not detected.

If USB storage is still not disabled after following the above steps, follow these steps:

  • Click Start, and then click Run.
  • In the Open box, type regedit, and then click OK.
  • Locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet1\Services\UsbStor
  • In the details pane, double-click Start.
  • In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
  • Now navigate to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet2\Services\UsbStor
  • In the details pane, double-click Start.
  • In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
  • Exit Registry Editor.

Now connect a USB flash drive; it will not be detected.

Note: Disabling USB storage devices does not affect connecting a USB keyboard or USB mouse to your computer. It will only disable USB storage devices.
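
The registry steps above can be applied and verified from PowerShell instead of regedit. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes the numbered control sets appear as ControlSetNNN (for example ControlSet001), which it covers alongside CurrentControlSet. It also reports any Deny entries on the three driver files.

```powershell
# Added example, not from the original post. Writing requires an elevated prompt.
# Function names are hypothetical. Numbered control sets are assumed to be
# named ControlSetNNN (for example ControlSet001).

$DriverFiles = @(
    "$env:SystemRoot\Inf\Usbstor.pnf",
    "$env:SystemRoot\Inf\Usbstor.inf",
    "$env:SystemRoot\system32\drivers\usbstor.sys"
)

function Get-UsbStorKey {
    # Return the UsbStor service key under CurrentControlSet and every numbered set.
    Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
        ForEach-Object { "HKLM:\SYSTEM\$($_.PSChildName)\Services\UsbStor" } |
        Where-Object { Test-Path -Path $_ }
}

function Set-UsbStorDisabled {
    # Start = 4 marks the service as disabled, the value used in the steps above.
    foreach ($key in Get-UsbStorKey) {
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
    }
}

function Get-UsbStorStatus {
    foreach ($key in Get-UsbStorKey) {
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        [pscustomobject]@{ Item = $key; Finding = "Start=$start"; Hardened = ($start -eq 4) }
    }
    foreach ($file in $DriverFiles) {
        if (-not (Test-Path -Path $file)) {
            [pscustomobject]@{ Item = $file; Finding = 'file not present'; Hardened = $null }
            continue
        }
        # List every identity that has a Deny entry on the driver file.
        $deny = @((Get-Acl -Path $file).Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { $_.IdentityReference.Value })
        [pscustomobject]@{
            Item     = $file
            Finding  = "Deny: $(if ($deny) { $deny -join ', ' } else { 'none' })"
            Hardened = ($deny.Count -gt 0)
        }
    }
}

# Set-UsbStorDisabled      # uncomment to apply the registry change
Get-UsbStorStatus | Format-Table -AutoSize -Wrap
```

Run the status function again after connecting a flash drive to confirm that Start is still 4 in every control set.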
