Monday, December 2, 2013

How to Disable USB port on Windows



USB keys are now a days  not just a popular way to sneak data out from companies, unhappy employees may use USB ports for delivering trojans or spyware into the company networks.
Now some smart admins disable usb drive by changing the BIOS settings and then lock the BIOS using passwords. Some not so-smart admins fix tapes over the USB ports to prevent employees from inserting any USB device into their computer.
When you do this, the USB storage device does not work when the user connects the device to the computer.


However, both these approaches can prove to be counter-productive as your staff can no longer use USB keyboards, wireless mouse, digital cameras, camcorders, scanners, printers or even USB microphones to their computers.
So a more reasonable option for sysadmins is to disable write access to USB port so that data files cannot be written to the mass storage device. The USB thumb drive will be read-only.
Open the Windows Registry and open the following key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\StorageDevicePolicies

Now add a new DWORD called WriteProtect and put the value as 0 to disable write privileges to the USB port. To reverse the step, either delete the WriteProtect REG_DWORD or toggle the value to 1 which will enable the port.

Remember that the above trick works only with Windows XP SP2.



HOW TO DISABLE USB PORTS IN WINDOW XP

  1. Click Start, and then click Run. In the Open box, type regedit, and then click OK.
  2. Locate and then click the following registry key:
  3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
    In the details pane, double-click Start. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
  4. Exit Registry Editor.

HOW TO RE-ENABLE A DISABLE PORTS IN WINDOWS

  1. Click Start, and then click Run. In the Open box, type regedit, and then click OK.
  2. Locate and then click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
    In the details pane, double-click Start. In the Value data box, type 3, click Hexadecimal (if it is not already selected), and then click OK.
  1. Exit Registry Editor