How to disable USB Drives - gHacks Tech News

How to disable USB Drives

If you are not using external USB devices at all, or if company policy forbids their usage, you may want to disable them on the computer systems in the network. What you may not want to do however is disable USB support entirely, as you may have other devices, headphones or printers for instance that connect to USB ports. Disabling USB flash drives may also be useful if you are administrating public computer systems and do not want anyone to attach a storage device to the system.

There is an easy way to disable USB drives but not USB ports in general. You need to make a change to the Registry for that. Press Windows-R to bring up the run box, type regedit and tap on the enter key to load the editor. Please note that you may receive an UAC prompt on Vista or newer versions of Windows that you need to accept.

Use the folder structure on the left to browse to the following folder:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

The value of START determines if USB drives are disabled or not, if the value is set to 4 USB drives are disabled, if it is set to 3 they are enabled.

Update: It needs to be noted that this method is only disabling USB storage devices, and not other peripherals that you connect via USB. It in particular does not affect keyboards, mice, headsets, printers, scanners, and routers that you may connect via USB.

The setting basically tells Windows to start or block the driver responsible for connecting those USB storage devices to the system. If you set its value to 4, the driver is blocked from being loaded, and so are USB drives that you connect to the computer.

If you prefer not to manually edit the system's Registry for that, you can alternatively download USB Drive Disabler from this download site. You need to scroll down before you see it listed under the free tools offered on the page.

disable-usb

Just start the program and check how you want your system to be configured. Select Disable USB Drives, and click apply afterwards, if you want USB drives from being blocked automatically on the system. You can restore the setting at anytime by running the program again, and selecting the enable option this time.

The developers of the application have also made available a remote USB disabler which you can use to remotely enable or disable USB drive support on systems in the same computer network. The download is listed on the same download page.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. John said on April 28, 2006 at 8:59 pm
    Reply

    I use Win XP HE and there is no UsbStor in the registry located where you indicated.

  2. Martin said on April 28, 2006 at 10:57 pm
    Reply

    John, what does HE mean ?

    My Windows XP version has this key and I was able to edit it accordingly.

  3. IntelliAdmin said on April 29, 2006 at 3:51 am
    Reply

    Just go to

    http://www.intelliadmin.com/blog/2006/04/disable-usb-drives.html

    And they have a program that will do it for you

  4. Martin said on April 29, 2006 at 8:21 am
    Reply

    why don´t you say we have a program intelliadmin ;)

  5. Ken Westin said on April 29, 2006 at 9:49 am
    Reply

    If you manage a corporate network, full no disabling USB ports might pose a problem. Windows by default has minimal controls of USB ports (or firewire or bluetooth) for that matter. Sometimes you need to grant certain users read access to certain devices. There are software products like DeviceWall that allow you provide granular access controls allowing the admin to decide which devices users can connect to and if they have read/write access to those systems. This can help secure your endpoints, but also allow certain users to use those devices that they need to do legitmate work and even encrypt the data that is written to USB flash drives by default.

  6. John said on April 29, 2006 at 4:52 pm
    Reply

    Martin, HE = Home Edition as opposed to the Professional edition. Was yours the home or pro version?

  7. Martin said on April 29, 2006 at 4:53 pm
    Reply

    Ah, mine is the Pro Edition.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.