In some business environments, it’s usually a good idea to lock down the usage of external USB storage devices and memory sticks to prevent users from accidentally introducing a virus onto the network or copying data off the network.
You can manually modify the registry to lock down the USB storage devices by changing the following Windows XP registry value:
- Change the Start REG_DWORD value from a decimal 3 to a decimal 4
If the Windows XP computers you manage are domain members, you can push this registry change via group policy. But you will have to create a custom ADM script. This isn’t hard and I’ve included an example below:
PART !!labeltextusb DROPDOWNLIST REQUIRED
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
category=”Custom Policy Settings”
policynameusb=”Disable USB Removable Drives”
explaintextusb=”Disables the USB Removable Drives capability by disabling the usbstor.sys driver. nnSelect the ENABLED radiobox, then select STOPPED for the usbstore.sys driver status in the drop-down list. nnNote that this will only prevent usage of newly plugged-in USB Removable Drives or Flash Drives, devices that were plugged-in while this option was not configured will continue to function normally. Also, devices that use the same device or hardware ID (for example – 2 identical Flash Disks made by the same manufacturer) will still function if one of them was plugged-in prior to the configuration of this setting. In order to successfully block them you will need to make sure no USB Removable Drive is plugged-in while you set this option. nnIn order to re-enable the usage of USB Removable Drives select STARTED for the usbstore.sys driver status in the drop-down list.”
labeltextusb=”usbstore.sys driver status”
Add the above as a custom template using the Group Policy Management console. Once the changes have been made to the group policy, you will need to perform a gpupdate/force of each machine, or wait until a policy update happens on its own.