Disable USB
Hi.
We want to disable the USB port for memory sticks on our labcomputers as microsoft describe it here: http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
My question is. Can I do a small MSI package to execute on every labcomputer (to make sure that it will be the same result everytime insted to let someone do it manualy) or is it better to do a .reg file?
How should you do it?
Thanks!
We want to disable the USB port for memory sticks on our labcomputers as microsoft describe it here: http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
My question is. Can I do a small MSI package to execute on every labcomputer (to make sure that it will be the same result everytime insted to let someone do it manualy) or is it better to do a .reg file?
How should you do it?
Thanks!
0 Comments
[ + ] Show comments
Answers (21)
Please log in to answer
Posted by:
tmiller
16 years ago
Posted by:
ogeccut
16 years ago
Posted by:
aogilmor
16 years ago
Posted by:
spartacus
16 years ago
Posted by:
rstanberry
16 years ago
We disable the usb by running an SMS package to the group that needs disabled.
'SMS Installer Code
item: Get Registry Key Value
Variable=USBSTORNAME
Key=SYSTEM\CurrentControlSet\Services\USBSTOR
Value Name=DisplayName
Flags=00000100
end
item: If/While Statement
Variable=USBSTORNAME
Flags=00000001
end
item: Edit Registry
Total Keys=1
Key=SYSTEM\CurrentControlSet\Services\USBSTOR
New Value=4
Value Name=Start
Root=2
Data Type=3
end
item: End Block
end
'SMS Installer Code
item: Get Registry Key Value
Variable=USBSTORNAME
Key=SYSTEM\CurrentControlSet\Services\USBSTOR
Value Name=DisplayName
Flags=00000100
end
item: If/While Statement
Variable=USBSTORNAME
Flags=00000001
end
item: Edit Registry
Total Keys=1
Key=SYSTEM\CurrentControlSet\Services\USBSTOR
New Value=4
Value Name=Start
Root=2
Data Type=3
end
item: End Block
end
Posted by:
anonymous_9363
16 years ago
Posted by:
kiptek
16 years ago
Posted by:
aXz
16 years ago
Hello again!
Thanks for your answers.
I have had alot to do at work but now I have started with this package!
I have some questions. When I in the WIE (Windows Installer Editor) in Wise go to files and want to add the usb.inf file to the destination computer I cant find the inf folder under Windows. Should I create a new folder and give it the name inf and place the usb.inf file in it? Or how will I find the inf folder?
The second question is how I set the premission in the package? Do I add a particilur reg file and sett tha value at it?
Thansk in advance!
Thanks for your answers.
I have had alot to do at work but now I have started with this package!
I have some questions. When I in the WIE (Windows Installer Editor) in Wise go to files and want to add the usb.inf file to the destination computer I cant find the inf folder under Windows. Should I create a new folder and give it the name inf and place the usb.inf file in it? Or how will I find the inf folder?
The second question is how I set the premission in the package? Do I add a particilur reg file and sett tha value at it?
Thansk in advance!
Posted by:
AngelD
16 years ago
Posted by:
aXz
16 years ago
I know that it is a hidden folder in Windows. Thats not my problem. The problem I have is that I cant see the inf folder under the "Destination Computer" in Wise. There is no problem for me to locate the file above and add it.
Or do you mean that it is a option in Wise that I have to change to be able to see the inf folder in my wsi file Im creating?
Or do you mean that it is a option in Wise that I have to change to be able to see the inf folder in my wsi file Im creating?
Posted by:
AngelD
16 years ago
Posted by:
aXz
16 years ago
Aha thanks! I just create the inf folder and see if its working..
Another thing. At the microsoft page above there instruction is to deny System and the users/groups you want at the usbstor.pnf file.
How do I set this settings in my msi package? Is it enought to just set the value 4 in the registerkey?
Or do I set deny on the users/groups on my Host computer and it will inherit the settings to my package?
Thanks!
Another thing. At the microsoft page above there instruction is to deny System and the users/groups you want at the usbstor.pnf file.
How do I set this settings in my msi package? Is it enought to just set the value 4 in the registerkey?
Or do I set deny on the users/groups on my Host computer and it will inherit the settings to my package?
Thanks!
Posted by:
AngelD
16 years ago
Posted by:
aXz
16 years ago
I want to set deny for some specify Users/Groups on the usb.pnf file. The usb.pnf file that is included in my package will replace the original file on the destination computer.
I have also created a new register key under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor[/align] [/align]That has the value 4 instead of 3. This key will also replase the original one. Thats my intention anyway [:)][/align]
I have also created a new register key under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor[/align] [/align]That has the value 4 instead of 3. This key will also replase the original one. Thats my intention anyway [:)][/align]
Posted by:
anonymous_9363
16 years ago
Posted by:
aXz
16 years ago
And how do I manage that? [&:]
I tryed to install the package on a test computer but noting happens. The registry key dose not replace the old one (the key dose not get value 4)
Whene I think about it maby it is better and easier to do a .regfile that sets the new value at the key?
But it would be sattisfied to get this .msi to work anyway [8D]
I tryed to install the package on a test computer but noting happens. The registry key dose not replace the old one (the key dose not get value 4)
Whene I think about it maby it is better and easier to do a .regfile that sets the new value at the key?
But it would be sattisfied to get this .msi to work anyway [8D]
Posted by:
aogilmor
16 years ago
ORIGINAL: aXz
I tryed to install the package on a test computer but noting happens. The registry key dose not replace the old one (the key dose not get value 4)
Whene I think about it maby it is better and easier to do a .regfile that sets the new value at the key?
But it would be sattisfied to get this .msi to work anyway [8D]
Did you ever try devcon.exe?
Posted by:
AngelD
16 years ago
Posted by:
aXz
16 years ago
I found this....
http://www.windowsdevcenter.com/pub/a/windows/2005/11/15/disabling-usb-storage-with-group-policy.html
Looks handy...
Thanks anyway
http://www.windowsdevcenter.com/pub/a/windows/2005/11/15/disabling-usb-storage-with-group-policy.html
Looks handy...
Thanks anyway
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
so that the conversation will remain readable.