Enabling and Disabling USB Ports to Restrict USB Storage Devices


The following Tool Tip explains how your can utilize the Management Utility to enable or disable the USB ports to allow to restrict the use of USB Storage devices on target systems silently from a central location.



**Please Note - the USB ports will be enabled or disabled the next time the user logs in for Windows 7, on WIndows 10 it takes immediate effect.


The files you create to execute this function must be saved in a folder within your defined Apps share - in our example we created a folder called \usb-enable-disable\




Step 1 - Creating the Enable USB Ports Registry Entry


On a test system open up regedit, click on the tree to expand LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR


Confirm the Start Value = 3




Now choose File Export


Save the usb-enable.reg file to the shared folder you have defined



Step 2 - Creating the batch file to Enable the USB Ports


Now we create the batch file that will run the usb-enable registry entry - save the batch file to the shared folder you have defined - in this example we called it usb-enable.bat



@ECHO OFF

mkdir c:\tmps

xcopy /Y \\192.168.200.57\apps\usb-enable-disable\usb-enable.reg c:\tmps

cd \tmps

regedit.exe /s usb-enable.reg

cd\

rd c:\tmps /S /Q

exit


Remember to update to the IP and Apps path on your system



Step 3 - Creating the Third Party Deployment Template to Enable USB Ports 


Setup the Third party Deployment Template - Remember to choose copy these files locally



Step 4 - Creating the Disable USB Ports Registry Entry


On a test system open up regedit, click on the tree to expand LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR


Double click the Start Value and change it to 4



Now choose File Export



Save the usb-disable.reg file to the shared folder you have defined


Step 5 - Creating the batch file to disable the USB Ports


Now we create the batch file that will run the usb-disable registry entry - save the batch file tot he shared folder you have defined - in this example we called it usb-disable.bat


@ECHO OFF

mkdir c:\tmps

xcopy /Y \\192.168.200.57\apps\usb-enable-disable\usb-disable.reg c:\tmps

cd \tmps

regedit.exe /s usb-disable.reg

cd\

rd c:\tmps /S /Q

exit


Remember to update to the IP and Apps path on your system



Step 3 - Creating the Third Party Deployment Template to Disable USB Ports 


Setup the Third party Deployment Template - Remember to choose copy these files locally