Tuesday, March 22, 2011

Prevent users from connecting USB device



 Assume that you want to prevent users from connecting to a USB storage device that is connected to a computer that is running Windows XP, Windows Server 2003, or Windows 2000.

If a USB storage device is not already installed on the computer, assign the user or the group and the local SYSTEM account Deny permissions to the following files:





  • %SystemRoot%\Inf\Usbstor.pnf
  • %SystemRoot%\Inf\Usbstor.inf
When you do this, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:

1. Start Windows Explorer--> and then locate the %SystemRoot%\Inf folder.

2. Right-click the Usbstor.pnf file--> and then click Properties.

3. Click the Security tab.

4. In the Group or user names list--> add the user or group that you want to set Deny permissions for.

5. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control.

Note: Also add the System account to the Deny list.

6. In the Group or user names list--> select the SYSTEM account.

7. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control--> and then click OK.

8. Right-click the Usbstor.inf file--> and then click Properties.

9. Click the Security tab.

10. In the Group or user names list--> add the user or group that you want to set Deny permissions for.

11. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control.

12.
In the Group or user names list--> select the SYSTEM account.

13. In the Permissions for UserName or GroupName list--> click to select the Deny check box next to Full Control--> and then click OK.

No comments:

Post a Comment

Search This Blog