Precautions on how to disable USB storage device and USB flash disk without affecting the use of USB mouse and keyboard, online banking U shield and dongle

Time:2021-11-29

In today’s world, informatization has become the general trend. Computers have not only become an indispensable tool for people’s life and work, but also an indispensable tool for many enterprises to carry out their daily work. Accordingly, most of the labor achievements and important documents formed during employees’ working hours are also stored on employees’ own computers. Now, because the storage space of USB flash disk is larger and larger, and the reading and writing speed is faster and faster, a large number of computer files can be easily copied to USB flash disk, mobile hard disk and other USB storage devices. Therefore, we need to prohibit the use of USB flash disk and shielding USB storage devices.

So, how can the company’s LAN prohibit the use of USB flash drives and USB storage devices? The author believes that it can be realized in the following two ways:

   Method 1: disable the USB port through the registry and disable the U port through group policy, so as to completely disable the use of USB interface and shield the use of u port. Naturally, the use of U disk is completely prohibited.

At present, the commonly used methods are to disable the USB interface through the registry, disable the use of USB interface through group policy, and even completely disable the use of USB interface through BIOS in some units. The operation method is also relatively simple, as follows:

1. Prohibit the use of u port and shield the use of USB storage device through group policy.

Through group policy, in management tools – domain security policy – computer configuration – Windows settings – Security Settings – file system, right-click – add file or folder. Locate C: \ windows \ inf \ usbstor.inf   And usbstor.pnf, and add it


Then, OK, a dialog box will pop up, which is an important step. Through this, you can set the access level of different users. Of course, reject is selected here. You can select different user groups to reject the two files according to the actual situation. As shown below  


OK, OK, the following window will pop up. Of course, OK. However, if you didn’t do it in the previous step, you can reset the access permissions of different user groups here (click the edit security settings button)! OK. It will take effect after the domain group policy is refreshed.  


2. Disable the U port through the registry and mask the U port through the registry:

Registry location, HKEY_ LOCAL_ Machine \ system \ currentcontrolset \ services \ USBhub or HKEY_ LOCAL_ Machine \ system \ currentcontrolset \ services \ usbstor, double-click the “start” key in the right sub window of the corresponding USBhub (or usbstor) branch, and check the number in the pop-up value setting window. If it is 4, it indicates that the USB port permission of the computer has been restricted;

If it is 3, it indicates that the USB port permission of the computer has been enabled. Make sure it is 4!!!


As follows:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
“Type”=dword:00000001
“Start”=dword:00000004
“ErrorControl”=dword:00000001
“ImagePath”=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\
00,52,00,2e,00,53,00,59,00,53,00,00,00
“DisplayName”=”USB   Mass storage driver“

However, disabling the USB flash disk through the above measures will also lead to the unavailability of other USB devices, especially the use of non USB storage devices such as USB mouse, keyboard and dongle. Therefore, we can consider shielding the use of USB flash disk through special software that prohibits the use of USB flash disk.

Method 2. With the help of special USB monitoring software and USB control software, prohibit the use of USB disk and disable the use of USB storage device.

At present, there are many special USB interface monitoring software and computer u-port shielding software in China, which can disable the function of USB storage devices. For example, there is a “general trend to USB control system” (download address:http://www.grablan.com/monitorusb.html), you can automatically disable USB storage devices (such as USB flash disk, mobile hard disk, etc.) only after the computer is installed. At the same time, you can only use specific USB flash disk and only allow specified USB flash disk to be used; You can only copy files from the USB flash disk to the computer and prohibit copying files from the computer to the USB flash disk, or you must enter a password when copying computer files through the USB flash disk, so as to greatly protect the security of computer files. In addition, while disabling the use of USB storage devices, it does not affect non USB storage devices (such as the use of USB mouse and keyboard and online banking U shield), so as to accurately realize the function of managing USB interface. As shown in the figure below:

 

In addition, through the general trend to the USB control software, you can also prohibit the computer from sending e-mail, uploading files on the network disk, uploading forum attachments, uploading FTP files and sending files on QQ, which also greatly protects the security of computer files and prevents disclosure through the network.

In short, whether the U-disk is disabled through the registry, the U-disk is disabled through group policy, the u-port is disabled through BIOS, and the use of USB storage devices such as U-disk and mobile hard disk can be realized through special computer USB port monitoring software. Enterprises and institutions can choose the specific method according to their own needs.