How to disable USB flash disk and shield the use of USB mobile storage tools to protect the security of computer files

Time:2022-1-2

Now the use of USB flash disk is very common, and the storage space is becoming larger and larger, which can easily store a large number of files. This is also convenient for enterprises to save and transfer files. However, accordingly, employees can easily copy a large number of company computer files through their own USB flash disk, and then carry them out. In particular, many important documents such as business secrets and intangible assets are stored on the company’s computer. Once leaked, it will bring huge losses to the enterprise. Therefore, how to protect the security of computer files and prevent the disclosure of trade secrets has become an important aspect of enterprise network management.

So how to prohibit the use of USB storage devices such as USB flash disk and mobile hard disk? Many people disable the use of USB port in the computer BIOS. Although USB storage devices such as USB flash disk and mobile hard disk can be completely prohibited, many computers use USB mouse and keyboard, so this kind of non USB storage devices can not be used. Therefore, it is not feasible to disable the U port through BIOS. Here are two other methods:

Method 1: disable the USB storage device through the registry without affecting the use of non USB storage devices.

Principle: after installing the system, install USB devices such as mouse, and then enter it in the registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

In, change the “start” value to 4. 4 is disabled and 3 is enabled

It can be divided into the following two situations:

1. If a USB} storage device is not installed on the computer

If a USB} storage device is not installed on your computer, assign deny permissions to the following files to the user or group:

? %SystemRoot%\Inf\Usbstor.pnf 

? %SystemRoot%\Inf\Usbstor.inf 

In this way, the user will not be able to install the USB storage device on the computer. To assign a user or group to a usbstor PNF # and usbstor “Deny” permission of INF file, please follow the following steps:

1. Start Windows} explorer and find the% systemroot% \ inf folder.

Right click Uspnf. File properties, and then click uspn2.

3. Click the security tab.

4. In the group or user name list, click the user or group for which you want to set deny permission.

5. In the permissions for username or groupname list, click to select the reject check box next to full control, and then click OK.

Note: in addition, you need to add the system account to the reject list.

6. Right click the usbstor.inf file and click properties.

7. Click the security tab.

8. In the group or user name list, click the user or group for which you want to set deny permission.

9. In the permissions for username or groupname list, click to select the deny check box next to full control, and then click OK.

2. If a USB storage device is already installed on the computer

Warning: improper use of registry editor or other methods can cause serious problems. These problems may require reinstalling the operating system. Microsoft} cannot guarantee that you can solve these problems. Modifying the registry is at your own risk. If a USB} storage device is already installed on the computer, set the “start” value in the following registry key to} 4:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

In this way, when the user connects the USB} storage device to the computer, the device will not work. To set the value of “start”, follow these steps:

1. Click start, and then click Run.

2. In the open box, type regedit, and then click OK.

3. Locate and click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor 

4. In the right pane, double-click start.

5. In the numeric data box, type {4, click hex (if not already selected), and then click OK.

6. Exit the registry editor.

Method 2. It is realized with the help of special computer U disk disable software and USB storage device disable software.

If you find it troublesome to modify the registry, you can also disable the software with the help of a special computer USB port. At present, there are many software that specifically prohibit the use of USB flash disk and software that shields USB storage devices in China. For example, there is a “general trend to USB port management software” (download address:http://www.grabsun.com/monitorusb.html), the use of USB storage devices can be automatically disabled only after the computer is installed, but not for USB mouse and keyboard, U shield and USB printer, so as to effectively secure computer files and prevent copying out through USB flash disk. As shown in the figure below:

 

Figure: u-port software prohibited

At the same time, through the “general trend to disable the software on the USB port”, you can also set to prohibit the computer from sending e-mail, uploading files on the network disk, uploading forum attachments, uploading FTP files and sending files on QQ, so as to comprehensively protect the security of computer files and prevent leakage through the network.

 

Figure: prohibit the computer from sending e-mail, online disk, forum and FTP file upload

In addition, through the general trend to USB shielding software, you can also prohibit portable WiFi, prohibit CD-ROM recording, only allow the computer to access some websites and only allow the computer to run some programs, so as to further standardize the behavior of employees using the computer, so as to further protect the security of computer files.