This week's post is about an article I wrote that was published in WindowsITPro magazine. It is a clever and powerful trick to enable or disable USB keys on workstations.
1. Open regedit and navigate to HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR
2. To enable USB keys, change the 'Start' value to 3. To disable them, change it to 4.
If the workstation is part of an Active Directory domain, download ifmember.exe.
3. Now add this to a .bat file.
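@echo off
rem Start with USB storage enabled
regedit /s EnableUSB.reg
rem ifmember.exe sets errorlevel to the number of listed groups the user belongs to
ifmember.exe "EnableUSB"
rem Members of the group keep USB storage enabled
if errorlevel 1 goto ENDUSB
rem Everyone else gets USB storage disabled
regedit /s DisableUSB.reg
:ENDUSB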
4. Create the EnableUSB.reg and DisableUSB.reg files
EnableUSB.reg:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003

DisableUSB.reg:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004
5. Now, add this script to the startup of the machines. For those you want to have USB, create an Active Directory group called "EnableUSB" (the name the script checks) and add members.
This works for USB mass storage devices. USB mice and keyboards work fine. You can also do this with CD-ROM access and possibly other devices; however, it is not as easy to get working.
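To confirm that the startup script had the intended effect on a workstation, the following PowerShell audit compares the USBSTOR Start value with what the user's group membership implies. It is an added example, not part of the original article; the function names are hypothetical, and the group name may need a DOMAIN\ prefix in your environment.

```powershell
# Added example: audit the USBSTOR Start value against group membership.
param(
    # Group name taken from the post's script; a DOMAIN\ prefix may be
    # required for domain groups (assumption).
    [string]$GroupName = 'EnableUSB'
)

$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-ExpectedStart {
    param([bool]$IsMember)
    # Values from the post: 3 = USB storage enabled, 4 = disabled.
    if ($IsMember) { 3 } else { 4 }
}

function Test-UsbStorPolicy {
    param([string]$Group)

    # Membership check on the current user's token, as ifmember.exe does.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $isMember  = $principal.IsInRole($Group)

    # Reading HKLM does not require administrative rights.
    $prop   = Get-ItemProperty -Path $keyPath -Name Start -ErrorAction SilentlyContinue
    $actual = if ($prop) { [int]$prop.Start } else { $null }
    $expected = Get-ExpectedStart -IsMember $isMember

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        User      = $identity.Name
        Group     = $Group
        IsMember  = $isMember
        Expected  = $expected
        Actual    = $actual
        Compliant = ($actual -eq $expected)   # a missing value counts as non-compliant
    }
}

$result = Test-UsbStorPolicy -Group $GroupName
$result | Format-List
if (-not $result.Compliant) { exit 1 }   # non-zero exit for use in monitoring
```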
More tips to come!
Monday, May 21, 2007