Smallvoid.com
  • Home
  • About
  • Articles
  • Links
  • Forum

Restrict access to removable storage devices

July 5, 2007 by Snakefoot | 2 Comment

Microsoft Windows Vista enhances the access control to removable storage devices to include:
  • CD and DVD Drives - All optical devices which includes HD-DVD and Blu-Ray drives.
  • Floppy Drives - Floppy disk drives, including USB Floppy Disks.
  • Removable Disks - Flash memory or hard drive based removable disks connected via USB or Firewire.
  • Tape Drives - All classes of linear tape device.
  • WPD Devices - Windows Portable Devices. Windows-based smartphones, media players, auxiliary displays and CE devices.
The restriction to these devices can be controlled with group policies:

User Configuration \Administrative Templates \System \Removable Storage Access
Computer Configuration \Administrative Templates \System \Removable Storage Access

More Info MS Technet : Group policies in Windows Vista/2008

The restrictions can also be controlled through these registry settings:

[HKEY_LOCAL_MACHINE \Software \Policies \Microsoft \Windows \RemovableStorageDevices]

To make a restriction for a device-type, create a registry-key matching the device type:
  • CD and DVD Drives - {53f56308-b6bf-11d0-94f2-00a0c91efb8b}
  • Floppy Drives - {53f56311-b6bf-11d0-94f2-00a0c91efb8b}
  • Removable Disks - {53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • Tape Drives - {53f5630b-b6bf-11d0-94f2-00a0c91efb8b}
  • WPD Devices needs two keys:
    • {6AC27878-A6FA-4155-BA85-F98F491D4F33}
    • {F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}
For each device type one can specify the type of restriction wanted with these DWORD values:
  • Deny_Read - Enabled = 1 / Disabled = 0
  • Deny_Write - Enabled = 1 / Disabled = 0
Related Restrict access to USB storage devices.

Credits Sanx.org
Tags:
  • access-control-list, removable-storage-devices, usb, usb-stick, user-account
Category:
  • User Security

Comments:

  1. Bob Woods says:
    1 November 2010 at 14:46

    This post refers to Windows Vista and Windows 2008 environments. Will the GPO also handle Windows XP for restricitng access to removable storage devices?

    Reply
  2. Snakefoot says:
    1 November 2010 at 22:40

    Bob Woods wrote:
    Will the GPO also handle Windows XP for restricitng access to removable storage devices?

    See Restrict access to USB storage devices for WinXP settings. And see client side extensions for how to implement standard registry settings as group policy.

    If you want the extra security then you need to upgrade to Windows Vista/2008/7.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related Posts

  • Restrict access to the USB storage devices
  • Configure drive letter for the CD-ROM Drive
  • Create Windows 7 System Repair disk on USB stick
  • Creating a bootable USB stick
  • Configure the login and Welcome Screen in Vista

Recent Posts

  • Disable IPv6 imaginary tunnel network interfaces
  • Encrypted backup to OneDrive or DropBox
  • Description of soft and hard page faults
  • Windows 10 Upgrade with black screen
  • Wordpress 4.2 Upgrade

Meta

  • Log in
  • Entries feed
  • Comments feed