Saturday, March 21, 2009

Windows Tip - Preventing the connection of USB drives


Ever want to prevent a user from attaching a USB drive? Well, you could turn off USB in the system BIOS, but that prevents attachment of all USB devices, not just drives. That could be disastrous if you don't have a PS/2 Keyboard and Mouse attached.

There's a simple registry hack that controls how Windows XP SP2 and later, including Vista, handle attached USB drives (external hard drives as well as flash drives) without preventing the use of HID devices and other non-drive devices. There's a very good write-up on the How-To Geek. The hack can be summed up in this simple registry entry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000001
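
The same registry value can be audited and applied from PowerShell, which is easier to script across machines than a .reg import. This is an added example, not code from the original post or from the How-To Geek write-up; the function and parameter names are hypothetical. Note that with WriteProtect set to 1, Windows treats USB storage as read-only rather than refusing to mount it.

```powershell
# Added example (not from the original post): audit or enforce the
# StorageDevicePolicies\WriteProtect value shown above.
# Function and parameter names are hypothetical.

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
$name = 'WriteProtect'

function Get-UsbWriteProtect {
    # The key may not exist yet; report a missing key or value as $null.
    if (-not (Test-Path -Path $key)) { return $null }
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$name
}

function Set-UsbWriteProtect {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([bool]$Enabled = $true)

    # Writing under HKLM needs an elevated session; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $value = if ($Enabled) { 1 } else { 0 }
    if ($PSCmdlet.ShouldProcess("$key\$name", "set DWORD to $value")) {
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $value -Force | Out-Null
    }
    # Read the value back so the caller sees what is actually in the registry.
    return (Get-UsbWriteProtect)
}

# Audit only: $null = not configured, 0 = writes allowed, 1 = write-protected
Get-UsbWriteProtect

# Preview the change without touching the registry:
# Set-UsbWriteProtect -Enabled $true -WhatIf
```

Run `Set-UsbWriteProtect -Enabled $true` to apply the setting and `Set-UsbWriteProtect -Enabled $false` to revert it.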


For more security, you can look at physical protection. Unfortunately, the USB physical standard doesn't allow any realistic way to permanently lock the drives, but you can block the ports. Lindy makes USB port blockers that will at least deter casual attempts to plug in USB devices and slightly slow down determined users. They can be removed with a carefully bent paper clip, but once in, you can't easily remove them with bare hands. Different colors use different keys to remove. Of course, you can buy them in colors other than pink...
