Control external device access rights on Windows PCs
It is easy to connect external devices such as mobile phones, USB Flash drives or external DVD drives to a PC.
The devices get picked up automatically usually and are available for use afterwards.
All devices allow read and write operations by default which may not always be in the best interest of the owner of the system or a network administrator.
Considering that malicious software could spread through the use of these devices, it may be a good idea to limit access rights to read operations only or disable connections of specific device types altogether.
While there are many programs out there for Windows that help you do so, many lack proper protection against manipulation of settings.
Removable Access Tool (Ratool) is a portable program for the Windows operating system that provides you with controls to manage the access rights of external devices.
The main interface looks simplistic on first glance. Here you can switch read and write access rights of all USB storage devices to read only or no permissions at all.
Read only means that files stored on the device can be read but not modified in any way. It is also not possible to add new files or folders to it.
Once you click on Options, you find additional device types listed there that you can control using the application.
This includes:
- CD-DVD Devices
- Floppy Devices
- Tape Devices
- WDP Devices
You can change the default read and write access right to read only or to block the device type completely.
In addition to all that, it is possible to allow or deny access to all removable drives from the same menu. Here you can also disable autorun and enable the display of hidden files on drives by default.
Settings that you make are locked by default. It is furthermore possible to add a password to the program to prevent the changing of preferences by unauthorized users.
Conclusion
Ratool is an easy to use program that leaves little to be desired. While it would be great if the program would support a whitelist of devices, it may find its way into a future version of the application.
The workaround right now is to set the device type to read and write, or read-only, when you require the functionality. That's however not needed in many cases, e.g. a public computer or a computer in a company network.
All in all, it is a useful program that provides you with a good amount of options to control which third-party devices can be connected to a PC running Windows.
does it stop HID devices too like rubber ducky and such?