How to disable the use of USB storage devices (823732)


The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

IN THIS TASK

SUMMARY

This article discusses two methods that you can use to prevent users from connecting to a USB storage device.

back to the top

To Disable the Use of USB Storage Devices

To disable the use of USB storage devices, use one or more of the following procedures, as appropriate to your situation:

back to the top

If a USB Storage Device Is Not Already Installed on the Computer

If a USB storage device is not already installed on the computer, assign the user or the group Deny permissions to the following files:
  • %SystemRoot%\Inf\Usbstor.pnf
  • %SystemRoot%\Inf\Usbstor.inf
When you do so, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:
  1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
  2. Right-click the Usbstor.pnf file, and then click Properties.
  3. Click the Security tab.
  4. In the Group or user names list, click the user or group that you want to set Deny permissions for.
  5. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
    Note In addition, add the System account to the Deny list.
  6. Right-click the Usbstor.inf file, and then click Properties.
  7. Click the Security tab.
  8. In the Group or user names list, click the user or group that you want to set Deny permissions for.
  9. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
back to the top

If a USB Storage Device Is Already Installed on the Computer

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. If a USB storage device is already installed on the computer, set the Start value in the following registry key to 4:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

When you do so, the USB storage device does not work when the user connects the device to the computer. To set the Start value, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate, and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

  4. In the right pane, double-click Start.
  5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
  6. Quit Registry Editor.
back to the top
Please contact the vendor of your USB device to inquire about a newer driver.For information about how to contact the vendor of your USB device, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

Modification Type:MinorLast Reviewed:4/19/2005
Keywords:kbinfo KB823732 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.