Disk Management

How can I prevent users from writing to USB removable disks (USB flash drives)?

USB removable disks (also known as flash drives or “Disk on Key” and other variations) are quickly becoming an integral part of our electronic life, and now nearly everybody owns one device or another, in forms of small disks, external hard drives that come enclosed in cases, card readers, cameras, mobile phones, portable media players and more.

Portable USB flash drives are indeed very handy, but they can also be used to upload malicious code to your computer (either deliberately or by accident), or to copy confidential information from your computer and take it away.

Microsoft has introduced some changes into Windows XP Service Pack 2 that allow an administrator some control over how USB Removable Disks (or flash drives) are handled. A new storage device policy named WriteProtect makes it possible to prevent all removable USB drives from being written to. Users can still read from these devices, but are not longer able to write to them.

This tweak will only work in Windows XP SP2 and above.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

You can also Disable Writing to USB Disks with GPO.

Block writing to USB Removable Disks

To block your computer’s ability to use USB Removable Disks follow these steps:

  1. Open Registry Editor.
  2. In Registry Editor, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies
  1. Create the following value (DWORD):

WriteProtect

and give it a value of 1.

Note: As always, before making changes to your registry you should always make sure you have a valid backup. In cases where you’re supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.

  1. Close Registry Editor. You do not need to reboot the computer for changes to apply.

Users trying to write to any USB Removable Disk will now get an Access Denied message.

Enable writing to USB Removable Disks

To return to the default configuration and enable your computer’s ability to use USB Removable Disks follow these steps:

  1. Go to the registry path found above.
  1. Locate the following value:

WriteProtect

and give it a value of 0.

You can download a .REG file that configure this setting right HERE (1kb).

Further Reading

You may find these related articles of interest to you:

Links

Guy’s Windowmaker’s Blog

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (2)

2 responses to “How can I prevent users from writing to USB removable disks (USB flash drives)?”

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: