How to disable write access to removable storage devices.


19.10.2009

Theft of trade secrets and other corporate documentation gets easier and easier everyday. 1GB+ USB sticks can fit in your shirt pocket and that data that it can hold can be devastating to an organization. Front mounted USB ports just make it easier!

Do you want to prevent this phenomenon in your company?

Here is a registry entry that is able to disable the USB drive access to USB mass storage device such as flash drive, USB key, thumb drive, pendrive and portable hard disk while keeping the USB hardware device such as webcam, mouse, keyboard, printer and scanner connected to USB ports working as usual.

USB Removable Device Write-Protected

For this tip to work in Windows XP you must have installed at least Service Pack 2.

Open the registry editor using regedit in the run command field (Win+R keys).

If you are using Windows Vista, type regedit in the search field in the Start menu and then press Enter.

In both cases you will need to have administrator rights to be able to make the changes.

Next you will have to identify in the registry editor the key HKEY_LOCAL_MACHINESystemCurrentContolSetControlStorageDevicePolicies from the registry structure.

This registry entry disables Write on USB

If this key is not present, you will have to create it by using Edit|New|Key. Now right click in the free space from the right window and select contextual option New|DWORD value or DWORD Value (32 bit).

This time overwrite the name suggested by Windows with Write-Protect. Click on the new entry and set its value to 1 in the dialog box „Edit DWORD Value (32 bit)”.

Further on confirm the changes that you made by pressing OK and then close this section of the registry editor by using File | Exit.

After that reboot the computer to activate the changes made and from now on you will be protected against people that are transferring data to USB sticks.

As an observation in the future, if you want to allow the data to be copied on removable devices you will have to enter zero as a value to the Write-Protect key in registry editor.

Tags: registry, value, editor, using, drive, changes, entry, data, removable, device, easier, windows, right, dword, want, disable, writeprotect, access, ports, click, able, such, made, make, sticks, write, enter, devices, field, storage