But kbs and mice are mostly hot-pluggable, so locking all the USB ports except those in use doesn't prevent someone from unplugging the mouse or kb and sticking in a memory stick. Short of hard-coding those USB ports to specific hardware (if it's possible), the only solution is locking the processor in a cabinet - in which case all the ports are protected and none must be locked. Kind of a catch-22. Brad Wilson Invensys Operations Management SAMREF Project Team brad.wilson@xxxxxxxxxxxx 732-874-0087 cell 626-599-2502 office -----Original Message----- From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of phaese@xxxxxxxxxx Sent: Wednesday, March 23, 2011 12:42 PM To: foxboro@xxxxxxxxxxxxx Subject: Re: [foxboro] Windsnows Question Robert, USB mass storage devices can be disabled by the use of 2 small bat files. You can add them to the env files to enable or disable them. It's not 100% fool proof, If you leave the USB storage device in the PC and do a change env, the files is locked and can't be renamed. add the following to the env.dms file dmcmd run start D:/opt/customer/scripts/USB_ON.bat or dmcmd run start D:/opt/customer/scripts/USB_OFF.bat USB_ON.bat REM ## Tool to enable the use of USB Mass Storage Devices ## REM ## Created Invensys System Belgium ## REM ## No Rights can be claimed for failures and upgrades. ## REM ############################################################### c: cd %systemroot%\inf reg ADD HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 3 /f ren usbstor.inf.backup usbstor.inf ren usbstor.pnf.backup usbstor.pnf USB_OFF.bat REM ## Tool to disable the use of USB Mass Storage Device ## REM ## Created Invensys System Belgium ## REM ## No Rights can be claimed for failures and upgrades. ## REM ############################################################### c: cd %systemroot%\inf reg ADD HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 4 /f ren usbstor.inf usbstor.inf.backup ren usbstor.pnf usbstor.pnf.backup t Regards, Patrick Den Haese Invensys systems Belgium ----- Originele e-mail ----- Van: "Robert D. Balmer" <Robert_Balmer@xxxxxxx> Aan: foxboro@xxxxxxxxxxxxx Verzonden: Woensdag 23 maart 2011 16:24:28 GMT +01:00 Amsterdam / Berlijn / Bern / Rome / Stockholm / Wenen Onderwerp: [foxboro] Windsnows Question To those that use Windows everyday this may sound silly, but. Is there any way to lock down the USB ports not used by keyboard, mouse ect? In my dream world I could lock down unused USB port(s) except when you are logged in as System Engineer or other password protected environments. Thank you in advance for any information Robert Balmer Senior Application Analyst/Programmer CCST Climax Molybdenum Co. 2598 Highway 61 Fort Madison IA 52627 (319) 463-2206 _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave *** Confidentiality Notice: This e-mail, including any associated or attached files, is intended solely for the individual or entity to which it is addressed. This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify the sender immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. This email comes from a division of the Invensys Group, owned by Invensys plc, which is a company registered in England and Wales with its registered office at 3rd Floor, 40 Grosvenor Place, London, SW1X 7AW (Registered number 166023). For a list of European legal entities within the Invensys Group, please go to http://www.invensys.com/legal/default.asp?top_nav_id=77&nav_id=80&prev_id=77. You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail reception@xxxxxxxxxxxxx This e-mail and any attachments thereto may be subject to the terms of any agreements between Invensys (and/or its subsidiaries and affiliates) and the recipient (and/or its subsidiaries and affiliates). _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave