Disable USB ports to prevent unauthorized data transfers

Tags: None

Report as spam Discussion - Post 48 of 117

Simple, elegant, and flexible: Try It!

The solution to this is actually so simple, yet not as drustic as epoxying the USB connectors (Whoa!) or as inflexible as disabling the USBPort in the BIOS and using a pwd (did I hear Paranoia?...).
Here's what we do in our organisation (10K+ users):
Create a GPO, put in it (machine section/startup)a script to remove permissions to the file USBSTOR.DLL to everyone but the SYSTEM account (and possibly Admins), and you're done. The file is located in the winnt\system32 dir.
Elegant, no? Plus,you can still use your USB mouse or anything that's not storage-related (i.e. HD,Flashcards, CD/R/RW, etc).
Enjoy.

Posted: 01/16/2003 @ 08:13 AM (PST)

gziv@... 2: Job Role: IT Consultant; Location: Edmonton, Alberta; Member since: 08/26/2001

View Profile | Send Message

Post a Reply Save

« Previous | Next »

Print/View all Posts | Subscribe to this Thread

Read original item: Disable USB ports to prevent unauthorized data transfers

Port Locks___._ | 01/15/2003 @ 05:07 PM (PST)

Software Locksphilip.coakes@... | 01/15/2003 @ 07:44 PM (PST)

try a little trust- it's cheaperErich.Izdepski@... | 01/15/2003 @ 09:30 PM (PST)

Why Trust In Two Wordshoffelrl@... | 01/15/2003 @ 09:51 PM (PST)

What about other USB peripherals?Winterfrost | 01/15/2003 @ 11:42 PM (PST)

Unplug the mouseCenterDirector | 01/16/2003 @ 05:08 AM (PST)

Re: USB splittersEarl Bediant | 01/17/2003 @ 11:44 PM (PST)

Too true...scviking@... | 01/18/2003 @ 08:47 AM (PST)

Custmom ADM temlpate for disabling USBjoe_marsden@... | 11/19/2004 @ 07:14 AM (PST)

Custom ADM temlpate for disabling USBalin@... | 02/24/2005 @ 09:34 AM (PST)

Disable USB What about other USB peripherals?rich.leclair@... | 08/20/2004 @ 08:38 AM (PDT)

New Mobosjbaker@... | 05/18/2005 @ 09:30 AM (PDT)

Why Trust In Two Words More Whysiddman | 01/16/2003 @ 01:39 AM (PST)

That was the important exampleBFraser | 01/16/2003 @ 05:27 AM (PST)

Can you stop a determined foe?the docman | 01/18/2003 @ 04:04 AM (PST)

That's a weak argument...TomSal | 01/20/2003 @ 04:00 AM (PST)

Wake up & smell the coffee.Michel Pizaz | 01/16/2003 @ 01:03 AM (PST)

Bahdgood@... | 01/16/2003 @ 09:21 PM (PST)

This is whykevaburg@... | 01/22/2003 @ 03:41 AM (PST)

Me toobikernerd | 01/28/2003 @ 12:38 AM (PST)

you must have a nice budgetVenVen | 03/03/2004 @ 09:10 AM (PST)

Possible in Linux...jellyroll | 01/16/2003 @ 04:54 PM (PST)

Alternative solutionshowady@... | 02/27/2004 @ 05:25 AM (PST)

USB Lock RP v 2.0 (New)Systadm | 08/19/2005 @ 11:17 AM (PDT)

USB Lock RPitmgrte | 09/09/2005 @ 02:11 PM (PDT)

Linux SecurityFixITright_theFirstTime | 01/16/2003 @ 03:00 AM (PST)

Paranoia!FreeMan50 | 01/16/2003 @ 05:26 AM (PST)

Paranoia is rightrick@... | 01/16/2003 @ 06:13 AM (PST)

Agreedjammer2k | 01/17/2003 @ 02:03 AM (PST)

Network Printeralvarocervantes@... | 01/17/2003 @ 05:01 AM (PST)

A little paranoia is good for the soulTheChas | 01/17/2003 @ 09:34 AM (PST)

A Potential Solution...glen@... | 01/16/2003 @ 06:19 AM (PST)

Key solutionardieroque@... | 01/16/2003 @ 06:54 AM (PST)

Enterprise Solutionhigginbm@... | 01/16/2003 @ 08:41 PM (PST)

It's still a riskscviking@... | 01/18/2003 @ 09:40 AM (PST)

Why disable USB?scviking@... | 01/18/2003 @ 10:22 AM (PST)

USB is the only port available.Cyclopz | 01/21/2003 @ 02:31 AM (PST)

USB LOCKSystadm | 06/14/2005 @ 11:27 AM (PDT)

USB Lockyaaky | 06/14/2005 @ 11:27 PM (PDT)

Have you tried it ?Systadm | 06/24/2005 @ 07:42 PM (PDT)

You Must Be Crazybryen@... | 01/16/2003 @ 07:11 AM (PST)

Tape over users' eyesshiva | 01/16/2003 @ 08:22 AM (PST)

April Fools?lksixt | 01/17/2003 @ 12:29 AM (PST)

Really a good solution...s.cabrera | 09/01/2004 @ 07:50 AM (PDT)

Blocking USB ports.jallison@... | 01/16/2003 @ 07:32 AM (PST)

Not on standard ATXTheChas | 01/16/2003 @ 09:57 AM (PST)

But...GuruOfDos | 01/25/2003 @ 03:15 AM (PST)

Simple, elegant, and flexible: Try It!gziv@... | 01/16/2003 @ 08:13 AM (PST)

All right!kirm | 01/16/2003 @ 08:47 AM (PST)

Deny hardware changesivar@... | 01/16/2003 @ 05:29 PM (PST)

Interesting and effective?rdunn@... | 01/16/2003 @ 10:12 PM (PST)

rename USBSTOR.DLL on WIN98/MEandrewlim@... | 01/17/2003 @ 02:23 AM (PST)

no .dll or .sys file, please helpmrpadilla | 07/11/2005 @ 06:12 PM (PDT)

You should give this a trySystadm | 07/11/2005 @ 07:24 PM (PDT)

Hmm....scviking@... | 01/18/2003 @ 10:54 AM (PST)

scViking: A clarification.gziv@... | 01/23/2003 @ 08:06 AM (PST)

Thanksscviking@... | 01/24/2003 @ 03:12 AM (PST)

but how to make the script :)ronz17@... | 03/30/2004 @ 08:23 PM (PST)

Clarification... better late than never...gziv@... | 08/18/2004 @ 03:46 PM (PDT)

Cross-over cablekevin@... | 01/19/2003 @ 11:32 PM (PST)

Not all computers are networked!GuruOfDos | 01/25/2003 @ 07:54 AM (PST)

Re:Simple, elegant, and flexible: Try It!wangqi64@... | 04/02/2004 @ 07:10 AM (PST)

Here's the GPO definition for disabling USB storage devicesgziv@... | 08/18/2004 @ 03:36 PM (PDT)

Implement in the NT 4.0 domainanto_sumartono@... | 10/04/2004 @ 07:36 PM (PDT)

Use a product solution insteadD Szerszen | 10/05/2004 @ 03:23 AM (PDT)

SecureWave is Great... butyaaky | 05/18/2005 @ 12:56 AM (PDT)

USB Disablesudhirforu@... | 01/31/2009 @ 02:23 AM (PST)

I could not found the USBSTOR.dll filewshamroukhs@... | 10/13/2004 @ 11:43 PM (PDT)

Important corrections to original posting.. Please read!gziv@... | 10/15/2004 @ 08:30 AM (PDT)

Important corrections to original posting.. Please read!gziv@... | 10/15/2004 @ 08:32 AM (PDT)

I want to add ACL on USB Drivehrushikeshk@... | 11/05/2004 @ 09:51 AM (PST)

No file by either namekennethv@... | 11/14/2004 @ 12:38 AM (PST)

Result = badly installed devicesSystadm | 06/24/2005 @ 08:04 PM (PDT)

Big Brother??dverduin@... | 01/16/2003 @ 07:47 PM (PST)

you are firedthemainframeisback | 01/17/2003 @ 12:35 AM (PST)

What a Fooljim@... | 09/17/2007 @ 12:40 PM (PDT)

What are you people thinking???Houston Brown | 01/16/2003 @ 09:41 PM (PST)

Dilbert's Boss ZoneOldITGuy | 01/16/2003 @ 10:29 PM (PST)

Solution from an inexperienced techrdunn@... | 01/16/2003 @ 10:32 PM (PST)

Epoxy: Our friendCenterDirector | 01/17/2003 @ 01:27 AM (PST)

Not everyone can be traced thoughRichGL | 01/20/2003 @ 11:43 PM (PST)

BIOS would have been cheaper...yaaky | 05/18/2005 @ 12:59 AM (PDT)

Solution from an inexperienced techrdunn@... | 01/16/2003 @ 10:32 PM (PST)

change useage not removenorskifevo@... | 01/17/2003 @ 01:05 AM (PST)

Sanity CheckPaul S. | 01/17/2003 @ 03:05 AM (PST)

Ultimate securitythe docman | 01/18/2003 @ 03:49 AM (PST)

roflmboCharlieG | 01/19/2003 @ 05:32 AM (PST)

This is naivekevaburg@... | 01/22/2003 @ 03:33 AM (PST)

No such thing as 'absolute' security...yaaky | 05/18/2005 @ 01:05 AM (PDT)

why disable portsancianoman@... | 01/17/2003 @ 07:38 AM (PST)

Interesting TangentsTheChas | 01/18/2003 @ 07:21 AM (PST)

bios disable not an option we need 1Hansdekleijn@... | 01/18/2003 @ 09:09 PM (PST)

Check through the discussionTheChas | 01/19/2003 @ 02:21 AM (PST)

What about the COM ports?kevaburg@... | 01/22/2003 @ 03:29 AM (PST)

How about Autorun feature?jkn | 01/20/2003 @ 11:37 PM (PST)

Use the "Pencil" solution ...!?Thamer | 01/21/2003 @ 02:27 PM (PST)

continues...Thamer | 01/21/2003 @ 02:32 PM (PST)

But.................kevaburg@... | 01/22/2003 @ 03:22 AM (PST)

Why Disable in the BIOS?techrepublic@... | 01/22/2003 @ 04:47 AM (PST)

And in ME/9x too, but...GuruOfDos | 01/25/2003 @ 08:02 AM (PST)

Yes but..Dr Dij | 01/30/2003 @ 02:38 AM (PST)

Unless the case is locked...yaaky | 05/18/2005 @ 01:13 AM (PDT)

Not many know how to do itkevaburg@... | 06/02/2005 @ 08:29 AM (PDT)

YesDr Dij | 06/02/2005 @ 11:46 AM (PDT)

Won't reconize com 3 o 4DCEDIAMOND55@... | 01/25/2003 @ 01:03 PM (PST)

Paranoia is securitydbreed | 01/26/2003 @ 11:28 AM (PST)

Information Security is NOT "all or nothing"yaaky | 05/18/2005 @ 01:21 AM (PDT)

Here is a thought.feral@... | 07/31/2003 @ 09:00 PM (PDT)

Possible solution....casey@... | 11/18/2003 @ 06:20 PM (PST)

one additional detail...casey@... | 11/18/2003 @ 06:28 PM (PST)

Solution "USB LOCK AP"Systadm | 06/24/2005 @ 07:32 PM (PDT)

Even easierbeads@... | 07/12/2005 @ 06:42 AM (PDT)

New USB Lock Standard replaced USB Lock APjavier.arrospide@... | 10/24/2008 @ 04:49 AM (PDT)

RE: Disable USB ports to prevent unauthorized data transfershktown@... | 11/28/2007 @ 12:37 AM (PST)

May be you should try thisgotmilkcrazy@... | 07/04/2008 @ 01:37 AM (PDT)

A Softer methodgotmilkcrazy@... | 07/07/2008 @ 08:25 PM (PDT)

RE: Disable USB ports to prevent unauthorized data transferscenturion.2050@... | 03/30/2009 @ 12:11 AM (PDT)

SponsoredWhite Papers, Webcasts, and Downloads

Achieving Cost and Resource Savings with UC white paper Microsoft In this harsh economic climate, the need is more compelling than ever to ... Download Now
Easily Monitor Virtual/Physical/Cloud and Save Budget. up.time - Free Trial Uptime Software Need Deep Systems Management for Virtual/Physical/Cloud that Saves you ... Download Now
Dynamic Virtual Clients Intel Intel IT plans to put virtualization on their client PCs - Dynamic Virtual ... Download Now

White Papers, Webcasts, and Downloads

The Journey Along an Information-Led Transformation IBM Corp. The cost of embedding information technology into every device we ... Download Now
Sole-sourcing BI from your ERP vendor: IT convenience or strategic business decision? IBM During the last several years, the pressure of commoditization and the ... Download Now
Recession Proofing Your Organization with Electronic Forms IBM Corp. The current economy is forcing organizations of all sizes to look more ... Download Now

Top Rated News on ZDNet

Microsoft exposes Firefox users to drive-by malware downloads +86 rating
What Microsoft won't tell you about Windows 7 licensing +75 rating
Seven perfectly legal ways to get Windows 7 cheap (or even free) +74 rating
Is it OK to use OEM Windows on your own PC? Don't ask Microsoft +74 rating
Windows 7: An impressive upgrade +73 rating

Browse by Tag

networking: Popular tags: windows, software, hardware, security, it management
e-mail: Popular tags: windows, software, networking, security, hardware
hardware: Popular tags: windows, software, networking, it management, security
programming: Popular tags: software, windows, networking, hardware, it management
software: Popular tags: windows, hardware, networking, programming, it management
windows: Popular tags: software, networking, hardware, security, it management
linux: Popular tags: software, windows, networking, hardware, security
it management: Popular tags: networking, windows, software, security, hardware
career: Popular tags: it management, networking, software, windows, feedback
security: Popular tags: networking, windows, software, it management, hardware
off-topic: Popular tags: software, windows, hardware, feedback, networking
feedback: Popular tags: software, windows, hardware, networking, it management
project management: Popular tags: it management, software, networking, windows, programming

500 Things Every Technology Professional Needs to Know: Did you know Microsoft's RegClean does not work with XP but you can use shareware to clean your registry? Did you know most wireless access points don't have encryption enabled by default? Did you know there are 500 tidbits of information contained in TechRepublic's 500 Things Every Technology Professional Needs to Know that will help you become a successful IT professional.; Buy Now

IT Professional's Guide to Policies and Procedures, Third Ed: Whether you're creating policies for management, training, personnel, support, privacy, Internet/e-mail usage, security, or inventory, you'll meet the needs of your entire enterprise with this one download!; Buy Now