/build/static/layout/Breadcrumb_cap_w.png

Disable USB

Hi.

We want to disable the USB port for memory sticks on our labcomputers as microsoft describe it here: http://support.microsoft.com/default.aspx?scid=kb;en-us;823732

My question is. Can I do a small MSI package to execute on every labcomputer (to make sure that it will be the same result everytime insted to let someone do it manualy) or is it better to do a .reg file?

How should you do it?

Thanks!

0 Comments   [ + ] Show comments

Answers (21)

Posted by: tmiller 16 years ago
Senior Yellow Belt
0
If it was me, I would be inclined to create an .msi that does both of the steps. You might also create a check that looks if the registry value exists before setting it to 4, since there may be undesired results from just adding the registry value if it doesn't already exist.

Hope this helps!
Posted by: ogeccut 16 years ago
Black Belt
0
If you need an msi you can write vbscript to edit registry and run it from CA.
Posted by: aogilmor 16 years ago
9th Degree Black Belt
0
Look for devcon.exe and add it to your MSI as a binary.
It is a utility from Microsoft which manages devices from the command line.
Posted by: spartacus 16 years ago
Black Belt
0
This can also be achieved using Group Policy if that is an option for you. See the following links for more information :

http://www.windowsdevcenter.com/pub/a/windows/2005/11/15/disabling-usb-storage-with-group-policy.html

and

http://support.microsoft.com/default.aspx?scid=kb;en-us;555324

Regards,

Spartacus
Posted by: rstanberry 16 years ago
Yellow Belt
0
We disable the usb by running an SMS package to the group that needs disabled.

'SMS Installer Code
item: Get Registry Key Value
Variable=USBSTORNAME
Key=SYSTEM\CurrentControlSet\Services\USBSTOR
Value Name=DisplayName
Flags=00000100
end
item: If/While Statement
Variable=USBSTORNAME
Flags=00000001
end
item: Edit Registry
Total Keys=1
Key=SYSTEM\CurrentControlSet\Services\USBSTOR
New Value=4
Value Name=Start
Root=2
Data Type=3
end
item: End Block
end
Posted by: anonymous_9363 16 years ago
Red Belt
0
ORIGINAL: rstanberry
'SMS Installer Code
item: Get Registry Key Value
<snip>
item: End Block
end

Forgive my ignorance (I don't do either SMS or WiseScript), but is SMS code, to all intents and purposes, identical to WiseScript?
Posted by: rstanberry 16 years ago
Yellow Belt
0
Yes SMS scripting tool is based on Install Sheild.
Posted by: kiptek 16 years ago
Second Degree Green Belt
0
actually it is based on an earlier version of the Wise Installer, hence you recognizing the code as wisescript.
Posted by: aXz 16 years ago
Blue Belt
0
Hello again!

Thanks for your answers.
I have had alot to do at work but now I have started with this package!

I have some questions. When I in the WIE (Windows Installer Editor) in Wise go to files and want to add the usb.inf file to the destination computer I cant find the inf folder under Windows. Should I create a new folder and give it the name inf and place the usb.inf file in it? Or how will I find the inf folder?

The second question is how I set the premission in the package? Do I add a particilur reg file and sett tha value at it?

Thansk in advance!
Posted by: AngelD 16 years ago
Red Belt
0
The c:\WINDOWS\inf is a hidden folder so you need to enable show hidden files to be able to see it.
Posted by: aXz 16 years ago
Blue Belt
0
I know that it is a hidden folder in Windows. Thats not my problem. The problem I have is that I cant see the inf folder under the "Destination Computer" in Wise. There is no problem for me to locate the file above and add it.

Or do you mean that it is a option in Wise that I have to change to be able to see the inf folder in my wsi file Im creating?
Posted by: AngelD 16 years ago
Red Belt
0
Ah okej, my bad.
Can't recall from memory if the inf folder is present by default under the windows folder from Wise. If it's not then just create it. Just in case: if you create the inf folder within one feature you must set to show in all features (Tools->Options).
Posted by: aXz 16 years ago
Blue Belt
0
Aha thanks! I just create the inf folder and see if its working..

Another thing. At the microsoft page above there instruction is to deny System and the users/groups you want at the usbstor.pnf file.
How do I set this settings in my msi package? Is it enought to just set the value 4 in the registerkey?
Or do I set deny on the users/groups on my Host computer and it will inherit the settings to my package?

Thanks!
Posted by: AngelD 16 years ago
Red Belt
0
A bit unclear, but you want to change permission for a user/group on a certain registry key?
Posted by: aXz 16 years ago
Blue Belt
0
I want to set deny for some specify Users/Groups on the usb.pnf file. The usb.pnf file that is included in my package will replace the original file on the destination computer.

I have also created a new register key under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor[/align] [/align]That has the value 4 instead of 3. This key will also replase the original one. Thats my intention anyway [:)][/align]
Posted by: anonymous_9363 16 years ago
Red Belt
0
ORIGINAL: aXz
I want to set deny for some specify Users/Groups on the usb.pnf file.
I'd suggest you avoid using the LockPermissions table and use SetACL, SubInACL or similar in a Custom Action instead. You have much more control and, generally speaking, they're easier to use.
Posted by: aXz 16 years ago
Blue Belt
0
And how do I manage that? [&:]

I tryed to install the package on a test computer but noting happens. The registry key dose not replace the old one (the key dose not get value 4)

Whene I think about it maby it is better and easier to do a .regfile that sets the new value at the key?
But it would be sattisfied to get this .msi to work anyway [8D]
Posted by: aogilmor 16 years ago
9th Degree Black Belt
0
ORIGINAL: aXz
I tryed to install the package on a test computer but noting happens. The registry key dose not replace the old one (the key dose not get value 4)

Whene I think about it maby it is better and easier to do a .regfile that sets the new value at the key?
But it would be sattisfied to get this .msi to work anyway [8D]


Did you ever try devcon.exe?
Posted by: aXz 16 years ago
Blue Belt
0
Ohh sorry... I missed your post.
How do I use devcon.exe ?
Posted by: AngelD 16 years ago
Red Belt
0
aXz,

Please try to use the forum search or Google before asking "simple" questions.
It's more likely you will get an answer if you tried first by yourself and post your steps that didn't work.

Cheers!
Posted by: aXz 16 years ago
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ