[gptalk] Re: USB storage block problem.

  • From: Linux'o Mania <linuxomania@xxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Wed, 18 Apr 2007 09:00:08 +0100 (BST)

  First, put this VBScript in the Computer Configuration > Windows Settings > 
Scripts > Startup section. 
  Now, when you restart the computers, it will do the following:
   It will set the USBSTOR key's startup value to 4 (the original is 3). This 
will not let USB Mass Storage devices start.  
   It will deny everyone access to the usb.inf and usb.pnf files. This will 
prevent any newer devices from being detected.
  Please test and share the results.

Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
  What happens with our old script is that, when users plug in a new USB device, 
the device gets accepted! I'll test the script you have sent and will let you 
know as soon as possible how it fares.

thanks for the help! 

  On 4/18/07, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
  Can you explain in a bit more detail? We already have a bat file running as a 
logon script. Where do I put this script: run from the bat file, or separately 
at the Computer Startup event? If so, can you guide me step by step?

thanks for the reply!

  On 4/18/07, Linux'o Mania <linuxomania@xxxxxxxxxxx> wrote:
  Use this script in the GPO's Computer Startup event:

' Deny Everyone access to the USB storage driver files.
' xcacls is run from the NETLOGON share; each command runs hidden and is not waited on.
Dim WshShell, Retvalue
Set WshShell = CreateObject("Wscript.Shell")
Retvalue = WshShell.Run("%comspec% /c %logonserver%\netlogon\xcacls %windir%\inf\usbstor.inf /D everyone /T /Y", 0, False)
Retvalue = WshShell.Run("%comspec% /c %logonserver%\netlogon\xcacls %windir%\inf\usbstor.pnf /D everyone /T /Y", 0, False)
Set WshShell = Nothing

    Ananth Rajagopal < ananth.rg@xxxxxxxxx> wrote:
  Hi all,

We have this script running in our Windows 2003 domain. 

@echo off

regedit /s "\\Tai3dserver\SYSVOL\tai3d.com\scripts\disable.reg"

"\\Tai3dserver\SYSVOL\tai3d.com\scripts\subinacl.exe" /keyreg \system\currentcontrolset\services\usbstor /deny=system

The subinacl.exe deployment was advised by Mr. Ray Lewis. Basically, what the 
script does is modify a registry value such that USB removable storage 
devices are not read by the system, but new USB storage devices are getting 
accessed. How do I block the modification of this registry value? Kindly 
suggest methods; I'm a novice in this... 

best regards
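
The two steps described in the top message (USBSTOR startup value set to 4, Everyone denied on the driver files), written as one startup script that checks its own result and reports failures to the event log. This is an added example, not the script from the original posts. It assumes icacls.exe is on the path and that the files are usbstor.inf and usbstor.pnf as in the quoted xcacls commands; the sub, function and constant names are illustrative.

```vbscript
' Added example (not from the thread): GPO computer startup script, runs as SYSTEM.
' Assumes icacls.exe is on the path; sub and constant names are illustrative.
Option Explicit

Const START_VALUE = "HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Start"
Const START_DISABLED = 4                 ' 3 is the original value, 4 disables the driver
Const EVT_SUCCESS = 0, EVT_ERROR = 1

Dim sh, fso, infDir, fileName
Set sh = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
infDir = sh.ExpandEnvironmentStrings("%windir%\inf\")

DisableUsbStor
For Each fileName In Array("usbstor.inf", "usbstor.pnf")
    DenyEveryone infDir & fileName
Next

Sub DisableUsbStor()
    Dim current
    On Error Resume Next
    sh.RegWrite START_VALUE, START_DISABLED, "REG_DWORD"
    current = sh.RegRead(START_VALUE)    ' read back instead of trusting the write
    If Err.Number <> 0 Or current <> START_DISABLED Then
        sh.LogEvent EVT_ERROR, "USB block: USBSTOR Start is not 4. " & Err.Description
    Else
        sh.LogEvent EVT_SUCCESS, "USB block: USBSTOR Start = 4"
    End If
    On Error GoTo 0
End Sub

Sub DenyEveryone(path)
    If Not fso.FileExists(path) Then Exit Sub
    ' Skip the ACL edit when an earlier run already made the file unreadable.
    If IsReadable(path) Then
        ' *S-1-1-0 is the Everyone SID, so the command also works on localized systems.
        sh.Run "icacls """ & path & """ /deny *S-1-1-0:F", 0, True
    End If
    If IsReadable(path) Then
        sh.LogEvent EVT_ERROR, "USB block: " & path & " is still readable"
    End If
End Sub

Function IsReadable(path)
    On Error Resume Next
    fso.OpenTextFile(path, 1).Close      ' 1 = ForReading
    IsReadable = (Err.Number = 0)
    On Error GoTo 0
End Function
```

Errors logged by the script appear in the Application event log under the WSH source, so a machine where the block did not take effect can be found without logging on to it.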
