| This guide is written to help an administrator block the | | | | 2. Click OK. |
| access of USB storage devices in Windows XP. This | | | | 3. Locate and click the following Registry Key: |
| is particularly useful for large offices who work in data | | | | ServicesUsbStor |
| sensitive information, like the Health Care industry. | | | | 4. In the details area, double-click Start. |
| Setting User Permissions | | | | 5. In the Value data box, type 4, click Hexadecimal (if it |
| 1. Log into an Administrator account in the desired | | | | is not already selected). |
| Windows computer. | | | | 6. Click OK. |
| 2. Open up a Windows Explorer window, and in the | | | | 7. Exit the Registry Editor. |
| address field type: %SystemRoot%Inf | | | | Now the system should be locked from using USB |
| 3. Locate the files Usbstor.inf and Usbstor.pnf, select | | | | storage devices. Plug in a USB drive and you will see |
| both files, right-click and go to Properties. | | | | that it will not load. You can check that it does register |
| 4. Click on the Security Tab. | | | | in the Device Manager but is not permitted to load |
| 5. In the Group or User Names list, add the user group | | | | drivers. |
| that you want to deny permissions to. | | | | Verifying in Device Manager |
| 6. In the Permissions for that group, click the Deny box | | | | 1. Click on Start, then Right-click My Computer and |
| next to Full Control. | | | | choose Properties. |
| 7. Now repeat step 6 for the System Account. | | | | 2. Click on the Hardware tab. |
| This will prevent any new access to a USB storage | | | | 3. Click Device Manager. |
| device, but if a device is already installed on the | | | | 4. Listed under Universal Serial Bus Controllers, there |
| computer you will need to complete these additional | | | | should be a device with an exclamation mark. This |
| steps. | | | | would be the USB drive with blocked drivers. |
| These steps require that you modify the registry. This | | | | Restoring The Registry (ONLY use this if you have |
| can cause serious problems if you modify incorrectly. | | | | incorrectly altered the Registry) |
| You should begin by creating a backup of your | | | | Do not use this to reverse the above effects at a |
| registry. This can be restored in the event that you | | | | later date, as restoring to this date will undo any |
| incorrectly modify and cause an error in Windows. | | | | adjustments in windows between these dates. |
| Backing Up The Registry | | | | 1. Click Start, Run and type: |
| 1. Click Start, Run, and type: | | | | %SystemRoot%System32RestoreRstrui.exe |
| %SystemRoot%system32restorerstrui.exe | | | | 2. Click OK. |
| 2. Click OK. | | | | 3. On the Welcome to System Restore page, click |
| 3. On the Welcome to System Restore page, click | | | | Restore My Computer to an Earlier Time and click |
| Create a Restore Point and click Next. | | | | Next. |
| 4. On the Create a Restore Point page, type a name | | | | 4. On the Select A Restore Point page, click the |
| for the Restore Point and then click Create. -if you | | | | system checkpoint you recently created. In the On |
| have restores turned off it will ask whether to turn on | | | | This List Select the Restore Point area, click "Guided |
| now, click yes, in the System Properties dialog box, | | | | Help (Registry Backup)" and click Next. |
| clear the Turn off System Restore check box and | | | | 5. A system message may appear that list |
| click OK. | | | | configuration changes to be made, click OK. |
| 5. After the restore is created click close. | | | | 6. Confirm Restore Point Selection, Click Next. |
| Changing the Registry | | | | 7. Windows will restart, click OK on the confirmation. |
| 1. Click on Start, Run and type: regedit | | | | |