Network Administrator

Host: Selena Frye Contact

Disable USB storage under OS X or Windows

Date: July 21st, 2007
Author: Justin Fielding
Category: Infrastructure, System Administration, security
Tags: Storage, Microsoft Windows, Apple Mac OS X, USB, Justin Fielding

78 comment(s)

Whilst randomly browsing a few days ago I came across a document prepared by the National Security Agency (NSA) that describes how to disable USB storage on Linux, OS X, Solaris and Windows platforms.

For OS X the guide describes disabling USB and Firewire storage:

Log on with an administrator account.
Browse to ‘/System/Library/Extensions’ folder on the system disk.
Trash both IOUSBMassStorageClass.kext and IOFireWireSerialBusProtocolTransport.kext which are found in this directory.
Empty the trash.
Reboot the machine.

Disabling USB storage on a Windows platform is only a little more complicated:

From Explorers folder options ensure that hidden files and folders are displayed, file extensions are not hidden and simple file sharing is disabled.
Open up the properties for %systemroot%\Inf\Usbstor.inf (%systemroot% would normally be ‘C:\Windows’).
Select the security tab and make sure that all options for all users are set to deny. This must include administrators and SYSTEM.
Repeat the above for %systemroot%\Inf\Usbstor.pnf
If USB storage devices have been used on this machine previously then open up the registry editor otherwise ignore steps 6 and 7.
Browse to the registry location ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor’.
Open up the registry key ‘Start’ and change the data value to ‘4′. Close the registry editor.

That’s it! If simple file sharing was enabled previously then don’t forget to re-enable it.

Print/View all Posts Comments on this blog

disabling USB storage under windows anslemnovich@... | 07/22/07

go on... Justin Fielding | 07/23/07

Security? computab | 07/24/07

security tab iain.dingsdale@... | 07/26/07

i belive thpsi@... | 07/27/07

You might want to disable the USD... SaintGeorge | 07/27/07

Diabling USB Storage KenDAWG | 07/27/07

Not Aimed At XP Home andrew@... | 07/27/07

Security Tab in windows teajay9001 | 07/27/07

Nope been around awhile rmathis@... | 09/05/07

Overkill at its best. Do things the simple way Big Ole Jack | 07/24/07

Ditto jakesty | 07/25/07

It's that .1% that can ruin a day... TBBrick | 07/27/07

ALL USB? ucbrianr | 07/25/07

Yes, but why would you need users to plug other USB devices in? Big Ole Jack | 07/25/07

Other peripherals ucbrianr | 07/25/07

No user should have local devices connected to their machines Big Ole Jack | 07/25/07

Small Offices may need it walter.white@... | 07/26/07

Um, not quite. . . bkinsey@... | 07/26/07

VAR nhahaj@... | 07/26/07

Re: Umm, not quite eclypse | 07/26/07

No local devices, wha? WoW > Work | 07/27/07

Reality! thuizenga@... | 07/27/07

"...buy a single $15,000..." ROTFLOL!!! TBBrick | 07/27/07

No PS2's hforman@... | 07/29/07

Keyboard - Mouse brian@... | 02/11/08

You have a point... SaintGeorge | 07/27/07

I miss the good old days of external devices all being SCSI based Big Ole Jack | 07/27/07

Paranoid? autocaddraftsman@... | 07/26/07

email attachments ? Peon | 07/26/07

Forget e-mail attachments - use yousendit.com or similar cklammer@... | 08/29/07

The Key Meesha | 08/30/07

Not Paraniid, Experienced rserao | 07/27/07

Paranoid.. I think not ! bullens@... | 07/27/07

That was the point I was trying to make and got heat for it Big Ole Jack | 07/27/07

That?s exactly why... SaintGeorge | 07/27/07

Paranoid no, but I want the repeat business hevymetl | 07/27/07

Bad Apples Salvatus | 07/27/07

RE: bad apples bullens@... | 07/30/07

Not napolionic just the cop who cleans up after the accident... unixwolf.edu | 07/27/07

Rename the attachment computerguy79 | 07/27/07

Last Time a PC Was Stolen hforman@... | 07/29/07

All of those computers? Are you kidding me? ncrum@... | 07/27/07

You don't think that was simple? Justin Fielding | 07/27/07

That's what PS/2 is for. I hate machines with all USB and no PS/2 Big Ole Jack | 07/27/07

get with the programme Justin Fielding | 07/29/07

Get with the program? Excuse me but how many years in IT do you have? Big Ole Jack | 07/30/07

Excuse me but how many years in IT do you have? The Firebrand | 07/31/07

The easiest way and its not overkill computerguy79 | 07/27/07

JB Coldwell, USB port Jerry M. Gartner | 07/30/07

Really a slow day, isn't it? craiglarry@... | 09/06/07

Excuse me, does this disable the use of STORAGE Bob.Roy | 07/27/07

.. Justin Fielding | 07/29/07

for locking up usb port on system gurudatt33@... | 04/07/08

Laptop internal disks? arlosmurf@... | 05/06/08

WHY not allow usb mass sd unlocking with admin password? wesswei@... | 07/11/08

RE: Disable USB storage under OS X or Windows jdumont | 07/24/07

I agree..and lock BIOS down with password Big Ole Jack | 07/24/07

Disable USB storage under OS X or Windows kentkh@... | 08/10/07

You have to limit BIOS access anyway and lock out the users from the BIOS cklammer@... | 08/29/07

WHY? WHY? WHY? RE: Disable USB storage under OS X or Windows Meesha | 07/26/07

Next Year's Budget techrepublic@... | 07/26/07

External DSL VLAN IT cowgirl | 07/26/07

missing the point Justin Fielding | 07/27/07

RE: Disable USB storage under OS X or Windows rob_cranfill | 07/26/07

Use DeviceLock... sales@... | 07/27/07

RE: Disable USB storage under OS X or Windows nwabunnia_1@... | 07/27/07

Security Issues! IT_Godson | 07/27/07

Disable USB? It's quick, easy, The Firebrand | 07/30/07

BRAVO! avatar_man@... | 09/12/07

RE: Disable USB storage under OS X or Windows Helpdesk@... | 07/27/07

Where he found this information. From the DoD. dchow@... | 07/27/07

GPO Group Policy Windows Server 2003 collinsauve@... | 08/02/07

USB under W2K3 R2 GPO Scenario zuben347@... | 09/05/07

RE: Disable USB storage under OS X or Windows nazimyousaf@... | 08/09/07

Answer KenDAWG | 08/10/07

RE: Disable USB storage under OS X or Windows shaun.brachmann@... | 08/16/07

RE: Disable USB storage under OS X or Windows sunilrathore2008@... | 09/27/08

White Papers, Webcasts, and Downloads

Unrivaled support from Novell, now available for Red Hat Novell If Linux is going to power your mission-critical applications, you'd ... Download Now
Enabling Device-Independent Mobility with Dynamic Virtual Clients Intel Intel IT is investigating a model where users can access their ... Download Now
Service Management Resource Center IBM Corp. This buyer's guide provides assistance in evaluating identity and access ... Download Now

Top Rated

IPv4 addresses: They are almost gone+23 votes
Broadband2Go: Mobile broadband without the contract+19 votes
Kicking the tires on the Peer Monitor tool+18 votes
Troubleshooting BSOD when saving files to the network in Windows XP+15 votes
Isolated VLANs: Use sparingly or common practice?+9 votes
Visualizing IPv4 addresses on the Internet+8 votes
Delegating DNS record write permissions+7 votes
Jump boxes vs. firewalls+6 votes

TechRepublic Blogs

Quick Reference: Linux Commands: Reduce stress and speed up resolutions with the easiest command references right at your fingertips. You'll receive a PDF file covering Linux, packed with the most common commands you'll need and use daily.; Buy Now

500 Things Every Technology Professional Needs to Know: Did you know Microsoft's RegClean does not work with XP but you can use shareware to clean your registry? Did you know most wireless access points don't have encryption enabled by default? Did you know there are 500 tidbits of information contained in TechRepublic's 500 Things Every Technology Professional Needs to Know that will help you become a successful IT professional.; Buy Now

Network Administrator

Disable USB storage under OS X or Windows

Print/View all Posts Comments on this blog

What do you think?

White Papers, Webcasts, and Downloads

Recent Entries

Top Rated

Archives

TechRepublic Blogs

SmartPlanet