Enabling / Disabling USB Ports for Storage
Enabling and Disabling USB Ports to Restrict USB Storage Devices
The following Tool Tip explains how your can utilize the Management Utility to enable or disable the USB ports to allow to restrict the use of USB Storage devices on target systems silently from a central location.
**Please Note - the USB ports will be enabled or disabled the next time the user logs in for Windows 7, on WIndows 10 it takes immediate effect.
The files you create to execute this function must be saved in a folder within your defined Apps share - in our example we created a folder called \usb-enable-disable\
Step 1 - Creating the Enable USB Ports Registry Entry
On a test system open up regedit, click on the tree to expand LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR
Confirm the Start Value = 3
Now choose File Export
Save the usb-enable.reg file to the shared folder you have defined
Step 2 - Creating the batch file to Enable the USB Ports
Now we create the batch file that will run the usb-enable registry entry - save the batch file to the shared folder you have defined - in this example we called it usb-enable.bat
@ECHO OFF
mkdir c:\tmps
xcopy /Y \\192.168.200.57\apps\usb-enable-disable\usb-enable.reg c:\tmps
cd \tmps
regedit.exe /s usb-enable.reg
cd\
rd c:\tmps /S /Q
exit
Remember to update to the IP and Apps path on your system
Step 3 - Creating the Third Party Deployment Template to Enable USB Ports
Setup the Third party Deployment Template - Remember to choose copy these files locally
Step 4 - Creating the Disable USB Ports Registry Entry
On a test system open up regedit, click on the tree to expand LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR
Double click the Start Value and change it to 4
Now choose File Export
Save the usb-disable.reg file to the shared folder you have defined
Step 5 - Creating the batch file to disable the USB Ports
Now we create the batch file that will run the usb-disable registry entry - save the batch file tot he shared folder you have defined - in this example we called it usb-disable.bat
@ECHO OFF
mkdir c:\tmps
xcopy /Y \\192.168.200.57\apps\usb-enable-disable\usb-disable.reg c:\tmps
cd \tmps
regedit.exe /s usb-disable.reg
cd\
rd c:\tmps /S /Q
exit
Remember to update to the IP and Apps path on your system
Step 3 - Creating the Third Party Deployment Template to Disable USB Ports
Setup the Third party Deployment Template - Remember to choose copy these files locally