1

The objective here is to be able to Disable/Enable the usage of USB sticks on the machine.

For this purpose I made two executable files that just set a registry value :

HKLM\SYSTEM\CurrentControlSet\Services\UsbStor\Start

3 to enable the usage of USB sticks
4 to disable it.

The problem I encounter is that, when I restart the machine, I can plug in a USB stick once and it will be possible to read/write in it as usual, even if the value is set to disable. If I remove the stick and plug it back in, I can't see it anymore.

I have been digging a bit and I understood the following :

The start value is actually a value that sets the driver start value. So if I set it to 3, it means that USBSTOR.inf (the USB Mass Storage Driver) is set to start normally with windows. If I set the value to 4, it means that the driver is "Disabled", and therefore should not start when Windows starts.

I have been using the command driverquery (found here) in order to view the driver status for USBSTOR.

Here is a screenshot when the computer just started, and before I try to plug a USB stick in :

USBSTOR Disabled and Running

So this is weird, because the driver is Running, but Disabled ! How is that even possible, I don't get it.

Now if I plug a USB key the computer will see it (because the driver is running) and map it to a drive. After unplugging the USB stick, I ran the same command again, and got this :

USBSTOR disabled and stopped

So now the Driver is Disabled and Stopped. How did it stop ? Why ?

And now, if I plug a USB stick in, I do not see it in my computer, as expected.

My question here is :

Can anybody help me prevent this driver from starting when it shouldn't ?

Update

First precision I need to add is that the target OS is Windows Embedded Standard 7. I have tried a few solutions that would work for Windows 7 Pro but that don't work for WES7.

Then I have seen a few posts talking about GPO, that there was a setting under Administrative Template-->System-->Removable Devices that could be set to prevent the usage of USB devices. While this works fine for a normal computer, it is not present in my WES7 image.

Is there a package I need to add to my image to make this work ?

Last, I have read that another setting in GPO, that was under Administrative Template --> System --> DeviceInstallation. While this prevent the installation of any Removable Device, it does not prevent the usage of already installed devices, so it is only a partial solution.

Is there a way to Enable/Disable the usage of USB devices (or any Removable Device) in Windows Embedded Standard 7 ?

Improve this question

1 Answer 1

Reset to default
0

Finally, I have been able to find a solution to my problem.

Blocking USB with GPO

In order to prevent the usage of USB (and storage) devices on a Windows 7 computer, the easiest way is to modify a GPO.

So, open start menu, type in "gpedit.msc" and look at "Computer Configuration-->Administrative Templates-->System". There should be a folder named "Removable Storage Access". There you will find policies that can allow/disallow the use of USB devices.

Using Windows Embedded Standard 7

Because I was using WES7, the proper package was not installed, so the Policy folder "Removable Storage Access" was not available.

I made a search inside Image Configuration Editor after all .admx files (which are GPO files) and I found out that "RemovableStorage.admx" was in the package "DirectX and Windows Device Experience" (winemb-media-support).

Adding this package to my image corrected my problem.

One problem remains

The first problem I described here remains. If I try to prevent the USBSTOR driver from starting. The status on boot is "Started", but "Disabled". If anybody can find a solution for this one, I would be very thankfull. In the mean time, I will just go with the GPO...

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .