The objective here is to be able to Disable/Enable the usage of USB sticks on the machine.
For this purpose I made two executable files that just set a registry value, HKLM\SYSTEM\CurrentControlSet\Services\UsbStor\Start: 3 to enable the usage of USB sticks, 4 to disable it.
The problem I encounter is that, when I restart the machine, I can plug in a USB stick once and it will be possible to read/write in it as usual, even if the value is set to disable. If I remove the stick and plug it back in, I can't see it anymore.
I have been digging a bit and I understood the following:
The Start value is actually a value that sets the driver start value. So if I set it to 3, it means that USBSTOR.inf (the USB Mass Storage Driver) is set to start normally with Windows. If I set the value to 4, it means that the driver is "Disabled", and therefore should not start when Windows starts.
I have been using the command driverquery (found here) in order to view the driver status for USBSTOR.
Here is a screenshot when the computer just started, and before I try to plug a USB stick in:
So this is weird, because the driver is Running, but Disabled! How is that even possible? I don't get it.
Now if I plug a USB key in, the computer will see it (because the driver is running) and map it to a drive. After unplugging the USB stick, I ran the same command again, and got this:
So now the driver is Disabled and Stopped. How did it stop? Why?
And now, if I plug a USB stick in, I do not see it in my computer, as expected.
My question here is:
Can anybody help me prevent this driver from starting when it shouldn't?
Update
The first clarification I need to add is that the target OS is Windows Embedded Standard 7. I have tried a few solutions that would work for Windows 7 Pro but that don't work for WES7.
Then I have seen a few posts talking about GPO, saying that there was a setting under Administrative Template-->System-->Removable Devices that could be set to prevent the usage of USB devices. While this works fine for a normal computer, it is not present in my WES7 image.
Is there a package I need to add to my image to make this work?
Last, I have read about another setting in GPO, under Administrative Template --> System --> DeviceInstallation. While this prevents the installation of any Removable Device, it does not prevent the usage of already installed devices, so it is only a partial solution.
Is there a way to Enable/Disable the usage of USB devices (or any Removable Device) in Windows Embedded Standard 7?
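
As an added example (not part of the original post), this PowerShell check puts the configured Start value next to the live driver state and any USB disks currently attached, so the "Disabled but Running" mismatch described in the question can be recorded at each step. It assumes PowerShell 2.0 or later is present in the image; the function name Get-UsbStorStatus is hypothetical.

```powershell
# Added example, not from the original post.
# Assumption: PowerShell 2.0+ is available in the image.
# Get-UsbStorStatus is a hypothetical helper name.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

# Meaning of a service Start value in the registry
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-UsbStorStatus {
    # Value written by the enable/disable executables
    $configured = [int](Get-ItemProperty -Path $svcKey -Name Start).Start

    # Start mode and state as Windows currently reports them for the driver
    $driver = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='USBSTOR'"

    # Models of the disks currently attached over USB (empty when none)
    $usbDisks = @(Get-WmiObject -Class Win32_DiskDrive -Filter "InterfaceType='USB'" |
                  ForEach-Object { $_.Model })

    New-Object PSObject -Property @{
        Time            = Get-Date
        ConfiguredStart = $configured
        ConfiguredName  = $startNames[$configured]
        LiveStartMode   = $driver.StartMode
        LiveState       = $driver.State
        UsbDisks        = ($usbDisks -join '; ')
        # True when the registry says Disabled (4) but the driver is loaded
        Mismatch        = ($configured -eq 4 -and $driver.State -eq 'Running')
    } | Select-Object Time, ConfiguredStart, ConfiguredName,
                      LiveStartMode, LiveState, UsbDisks, Mismatch
}

Get-UsbStorStatus | Format-List
```

Running it right after boot, after plugging a stick in, and after unplugging it gives a timestamped record of the three states shown in the screenshots.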