Shulou(Shulou.com)06/01 Report--

How to prohibit the USB interface of all computers in the company from copying files, but not from printers, mice, keyboards, scanners, dongles and other external devices that need the USB interface to work. To put it bluntly, employees are not allowed to take the company's confidential information out.

Here are three methods:

1. To control USB storage devices, general users cannot write or read; some users can read or write USB storage devices; and some people (company executives) do not read or write, and should be able to read and write when needed!

2. No matter what kind of control is used, it can not affect the use of external devices such as USB printers, scanners, dongles, mice and keyboards.

1. Solution 1: all USB ports in BIOS are closed.

2. Plan 2: install USB management software on the client side, control with the software, and install a server to monitor the USB activity of all computers.

3. Plan 3: start from the operating system registry, batch execution management

Let's start with these three options:

Plan 1: the worst way, all the ports are off, what USB equipment can not be used, not to mention this machine and that machine, PASS off.

Plan 2: all computers install Client, the workload is heavy, and there is not enough time at all. besides, many people mind installing software on the client side, one more process takes up more memory, and then someone will yell when the computer is slow. Still PASS,

Third, in fact, this is also the most effective means: batch processing!

Implementation process:

1. First, turn off the automatic drive letter assignment of USB storage devices, open the registry, find HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ USBSTOR, and change the value of "Start" to 4 (disable automatic start). The default is 3 to automatically assign drive letters.

2. Remove the function files of USB storage devices: go to the WINDOWS system directory and find X:\ Windows\ inf. Here, there are two action files for USB storage devices, namely usbstor.inf and usbstor.pnf. Because you may need to reopen the USB feature later, do not delete it. It is recommended to copy it to another location, and delete it, but remember to make a good backup.

Implemented with four lines of batch instructions: copy% Windir%\ inf\ usbstor.inf% Windir%\ usbstor.inf / y > nul copy% Windir%\ inf\ usbstor.pnf% Windir%\ usbstor.pnf / y > nul del% Windir%\ inf\ usbstor.pnf / qbind f > nul

Del% Windir%\ inf\ usbstor.inf / Q nul f > nul

3. Then, it is forbidden to copy the data from the computer to the USB storage device, which means to make the USB storage device read-only.

Open the registry: navigate to HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Control, create a new key named "StorageDevicePolicies" under it, select it, create a new DWORD value named "WriteProtect" in the right pane, and set its numerical data to 1

With this, even if you can use USB storage devices, you can only read data unilaterally.

At this point, basically the first process is basically completed, the functions include: prohibit the use of USB storage devices, do not affect other USB peripherals, even if you want to use, you can only set USB storage devices to read-only.

Let's move on to the second part: how to open it? (some users need to use USB storage devices) in fact, reverse operation of the above steps can be completed, but in order to be more complete, write down the process:

1. Find HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ USBSTOR and change the value of "Start" to 3.

2. Restore the function file of the USB storage device, or four lines of instructions: copy% Windir%\ usbstor.inf% Windir%\ inf\ usbstor.inf / y > nul copy% Windir%\ usbstor.pnf% Windir%\ inf\ usbstor.pnf / y > nul del% Windir%\ usbstor.pnf / qamp f > nul

Del% Windir%\ usbstor.inf / qbind f > nul

After completion, the user can use the USB storage device, but can not write anything to it! Try it if you don't believe me.

In this way, the closure is also written, the opening is also written, and the next thing should be known.

Batch code:

Shutdown process:

@ echo off reg add "HKEY_LOCAL_ MACHINESYSTEMCurrentControlSet ControlStorageDevicePolicies" / v WriteProtect / t reg_dword / D1 / f reg add "HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ USBSTOR" / v Start / t reg_dword / d 4 / f

Copy% Windir%\ inf\ usbstor.inf% Windir%\ usbstor.inf / y > nul copy% Windir%\ inf\ usbstor.pnf% Windir%\ usbstor.pnf / y > nul del% Windir%\ inf\ usbstor.pnf / qbinf > nul

Del% Windir%\ inf\ usbstor.inf / Q nul f > nul

@ echo on

Opening process: @ echo off reg add "HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ USBSTOR" / v Start / t reg_dword / d 3 / f

Copy% Windir%\ usbstor.inf% Windir%\ inf\ usbstor.inf / y > nul copy% Windir%\ usbstor.pnf% Windir%\ inf\ usbstor.pnf / y > nul del% Windir%\ usbstor.pnf / qbank f > nul

Del% Windir%\ usbstor.inf / qbind f > nul

@ echo on

Save the above code as two BAT documents and put it in the x:\ Windows\ system32\ directory, such as DisableUSB.bat and EnableUSB.bat

Then enter the command directly in the run: DisableUSB (off) EnableUSB (on)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.