Provide password protection for configuration.Define a USB storage devices access mode (Full Access/ Read Only / Disabled).Let’s develop our own application having the following functionalities: A utility software developed for this job will be very useful. The Programįor many users, dealing with Registry keys is a boring job. For this, the Start value in the following Registry key needs to be set to 4: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor. We may want to completely disable USB drives. Setting this value to 1 makes USB drives write protected. Under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies, there is a DWORD value named WriteProtect. This feature can be enabled through the Registry Editor.
Windows XP with SP2 or later Operating Systems provide soft protection of USB ports. Therefore, we many need to define a USB storage policy to make USB drives write protected or not to be accessed through the system. We might have some secure data on our PC which we do not want other users to copy through the USB. However, at the same time, they cause security problems because it is easy to copy a lot of files to a tiny USB memory in a few seconds. Start ) Read-Host "Push for exit!"USB storage devices (flash drives, USB sticks etc.) offer many advantages for us. Powershell #PowerShell script for enabled/disabled usb drive #Run Only with Run as Administrator (for powershell) $usb_State = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\USBSTOR" $cdDvdRom_State = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\cdrom" Switch ( $usb_State. How to use Application and Device Control to block all USB devices except those I specifically want to allowĪlso you wan to block an access to drives other than C drive? How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy Click OK to the Application and Device Control policy window and assign this policy to the client group. Select Human Interface Devices and the devices to restrict one of its functions. Under Devices Excluded From Blocking, click Add.Ħ.
(If Disk Drives isn't listed, it is already added as a Blocked Device).ĥ. Under the Blocked Devices section, click Add, select USB and click OK. Right click the Application and Device Control Policy and select Edit.Ĥ. In the SEPM, Under View Policies, select Application and Device ControlĢ.
With the help of Symantec Endpoint Protection you can block access for users to use USB Pendrives and allow usage of Keyboard and mouse.ġ.
0 kommentar(er)
