Microsoft small business knowledge base

Article ID: 823732 - Last Review: May 22, 2013 - Revision: 8.0

Problem description

Assume that you want to prevent users from connecting to a USB storage device that is connected to a computer that is running Windows XP, Windows Server 2003, or Windows 2000. This article discusses two methods that you can use to do this.

Resolution

To prevent users from connecting to USB storage devices, use one or more of the following procedures, as appropriate for your situation.

If a USB storage device is not already installed on the computer

If a USB storage device is not already installed on the computer, assign the user or the group and the local SYSTEM account Deny permissions to the following files:
  • %SystemRoot%\Inf\Usbstor.pnf
  • %SystemRoot%\Inf\Usbstor.inf
When you do this, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:
  1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
  2. Right-click the Usbstor.pnf file, and then click Properties.
  3. Click the Security tab.
  4. In the Group or user names list, add the user or group that you want to set Deny permissions for.
  5. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.

    Note Also add the System account to the Deny list.
  6. In the Group or user names list, select the SYSTEM account.
  7. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
  8. Right-click the Usbstor.inf file, and then click Properties.
  9. Click the Security tab.
  10. In the Group or user names list, add the user or group that you want to set Deny permissions for.
  11. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
  12. In the Group or user names list, select the SYSTEM account.
  13. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
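
The same Deny entries can be applied from a command prompt. The script below is an added example, not part of the original article. It assumes cacls.exe is on the path, that the built-in account is named SYSTEM as on English-language installations, and that it is run by an administrator; the script name and its single argument (the user or group to deny) are hypothetical.

```batch
@echo off
rem Added example, not from the original article.
rem Usage (hypothetical script name): deny-usbstor-inf.cmd "DOMAIN\GroupName"
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 "UserOrGroup"
    exit /b 1
)
set "PRINCIPAL=%~1"

rem Apply the same change to both files named in the article.
for %%F in (Usbstor.pnf Usbstor.inf) do call :deny "%SystemRoot%\Inf\%%F"
endlocal
exit /b 0

:deny
if not exist "%~1" (
    echo Skipped, file not found: %~1
    goto :eof
)
rem /E edits the existing ACL instead of replacing it.
rem /D adds a Deny entry (no access) for the named account.
cacls "%~1" /E /D "%PRINCIPAL%"
cacls "%~1" /E /D SYSTEM
rem Print the resulting ACL so the Deny entries can be confirmed.
cacls "%~1"
goto :eof
```

In the printed ACL, each denied account appears with the N (no access) right on both files.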

If a USB storage device is already installed on the computer


If a USB storage device is already installed on the computer, you can change the registry to make sure that the device does not work when the user connects the device to the computer. To have us fix this problem for you, go to the “Fix it for me” section. If you would rather fix this problem yourself, go to the “Let me fix it myself” section.

Fix it for me


To fix this problem automatically, click the Fix this problem link. Then, click Run in the File Download dialog box, and follow the steps in this wizard.


Fix this problem
Microsoft Fix it 50061



Note This wizard may be in English only; however, the automatic fix also works for other language versions of Windows.

Note If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD, and then run it on the computer that has the problem.

Now go to the "Did this fix the problem?" section.

Let me fix it myself

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
If a USB storage device is already installed on the computer, set the Start value in the following registry key to 4:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
When you do this, the USB storage device does not work when the user connects the device to the computer. To set the Start value, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
  4. In the details pane, double-click Start.
  5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
  6. Exit Registry Editor.
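
The registry change can also be scripted and verified. The script below is an added example, not part of the original article. It assumes reg.exe is on the path and that it is run by an administrator; the backup file name is hypothetical.

```batch
@echo off
rem Added example, not from the original article.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\UsbStor"
rem Backup location is an assumption; change it as needed.
set "BACKUP=%TEMP%\UsbStor-backup.reg"

rem Stop if the key or the Start value does not exist on this computer.
reg query "%KEY%" /v Start >nul 2>&1
if errorlevel 1 (
    echo UsbStor key or Start value not found, nothing changed.
    exit /b 1
)

rem Keep the first backup so the original value is never overwritten.
if not exist "%BACKUP%" reg export "%KEY%" "%BACKUP%"

call :readstart
echo Start before: %CUR%

rem 4 is the value the article sets; it is the "disabled" service start type.
reg add "%KEY%" /v Start /t REG_DWORD /d 4 /f

call :readstart
echo Start after: %CUR%
if /i "%CUR%"=="0x4" (echo USB storage driver is disabled.& exit /b 0)
echo Start is not 4, check permissions on the key.
exit /b 2

:readstart
rem Third token of the "Start  REG_DWORD  0x..." line is the value.
set "CUR="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v Start ^| find "REG_DWORD"') do set "CUR=%%A"
goto :eof
```

The exit code (0 when Start reads back as 0x4) lets the script double as a compliance check, and importing the backup file restores the original value.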

Did this fix the problem?

Check whether the problem is fixed. If the problem is fixed, you are finished with this article. If the problem is not fixed, you can contact support (http://support.microsoft.com/contactus).

More information

Please contact the vendor of your USB device to ask about a newer driver. For information about your hardware manufacturer, visit the following Web site:
http://support.microsoft.com/gp/vendors/en-us
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Applies to
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)