Restrict access to removable storage devices

5 July 2007 by Snakefoot | Comment » | Trackback Off
Microsoft Windows Vista enhances the access control to removable storage devices to include:
  • CD and DVD Drives - All optical devices which includes HD-DVD and Blu-Ray drives.
  • Floppy Drives - Floppy disk drives, including USB Floppy Disks.
  • Removable Disks - Flash memory or hard drive based removable disks connected via USB or Firewire.
  • Tape Drives - All classes of linear tape device.
  • WPD Devices - Windows Portable Devices. Windows-based smartphones, media players, auxiliary displays and CE devices.
The restriction to these devices can be controlled with group policies:

User Configuration \Administrative Templates \System \Removable Storage Access
Computer Configuration \Administrative Templates \System \Removable Storage Access

More Info MS Technet : Group policies in Windows Vista/2008

The restrictions can also be controlled through these registry settings:

[HKEY_LOCAL_MACHINE \Software \Policies \Microsoft \Windows \RemovableStorageDevices]

To make a restriction for a device-type, create a registry-key matching the device type:
  • CD and DVD Drives - {53f56308-b6bf-11d0-94f2-00a0c91efb8b}
  • Floppy Drives - {53f56311-b6bf-11d0-94f2-00a0c91efb8b}
  • Removable Disks - {53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • Tape Drives - {53f5630b-b6bf-11d0-94f2-00a0c91efb8b}
  • WPD Devices needs two keys:
    • {6AC27878-A6FA-4155-BA85-F98F491D4F33}
    • {F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}
For each device type one can specify the type of restriction wanted with these DWORD values:
  • Deny_Read - Enabled = 1 / Disabled = 0
  • Deny_Write - Enabled = 1 / Disabled = 0
Related Restrict access to USB storage devices.

Credits Sanx.org
Tags:
Category:

Updated: 27 September 2007

Leave a comment


You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>