Pages

To permanently disable USB mass storage and CD/DVD drives for protecting data theft:

 To permanently disable USB mass storage and CD/DVD drives for protecting data theft:


Method 1: Group Policy Editor (Windows Pro/Enterprise)


1. Press Win + R, type gpedit.msc, and press Enter.

2. Navigate to:

    - Computer Configuration > Administrative Templates > System > Removable Storage Access

3. Enable:

    - "Removable Storage: Deny execute access"

    - "Removable Storage: Deny read access"

    - "Removable Storage: Deny write access"

4. Navigate to:

    - Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

5. Enable:

    - "Prevent installation of devices that match any of these IDs"

    - Add USB mass storage devices (e.g., USBSTOR) and CD/DVD drives (e.g., CDROM) to the list


Method 2: Registry Editor (All Windows versions)


1. Press Win + R, type regedit, and press Enter.

2. Navigate to:

    - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices

3. Create a new DWORD (32-bit) value:

    - Name: Deny_Execute

    - Value: 1

4. Create another new DWORD (32-bit) value:

    - Name: Deny_Read

    - Value: 1

5. Create another new DWORD (32-bit) value:

    - Name: Deny_Write

    - Value: 1

6. Navigate to:

    - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class

7. Find and delete the following keys (if present):

    - {4D36E967-E325-11CE-BFC1-08002BE10318} (CD/DVD drives)

    - {53F5630D-B6BF-11D0-94F2-00A0C91EFB8B} (USB mass storage devices)


Method 3: Device Manager


1. Press Win + X and select Device Manager.

2. Expand "Disk drives" and right-click on each USB mass storage device.

3. Select "Disable device" or "Uninstall device".

4. Expand "DVD/CD-ROM drives" and right-click on each CD/DVD drive.

5. Select "Disable device" or "Uninstall device".


Additional Measures


1. Set BIOS/UEFI settings to disable USB mass storage and CD/DVD drives.

2. Use physical locks or secure storage for devices.

3. Implement data encryption and access controls.

4. Monitor system logs for unauthorized access attempts.


Remember to test your system after applying these changes to ensure they don't interfere with legitimate device functionality.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

apkaluva

  • Home Page
      Hello World Referance My Reference Hardware shopping Windows Tips Windows run command How to enable windows photo viewer in Win10 Run C++ ...
  • MS Office 2016 and 2019
    Office 2021 if exist "C:\Program Files\Microsoft Office\Office16\ospp.vbs" cd /d "C:\Program Files\Microsoft Office\Office16&...
  • RPC Registry
    Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print] "ConfigModule"="PrintConfig....