Preventing write operation to USB storage devices in Windows XP

This is an interesting factoid that Microsoft added as part of Windows XP Service Pack 2 that lets users prevent data from being written to USB devices (via a registry key). But this is just the start, Longhorn is supposed to add more comprehensive “features”.  Much has been made of the security risks posed by portable storage devices such as USB keys, or flash drives, music players like the iPod, and other small gadgets that can store vast amounts of data. Some fear that such tiny devices can be used to quickly copy sensitive data off business PC hard drives, or to introduce malicious software onto corporate networks.  In the next version of Windows, Microsoft will give big companies an easy way to block use of such devices, while making it easier for consumers to connect their home systems to them.

How to disable a USB device then? Never thought you would ask *grin*. Microsoft calls this “Controlling block storage devices on USB buses”. This feature provides the ability to set a registry key that will prevent write operations to USB block storage devices, such as memory sticks. When this registry key is enabled, the devices function only as read-only devices. You can implement this setting as part of a security strategy to prevent users from transporting data using these devices.

Who does this feature apply to?

  • Users who do not want data to be written from their computer to a USB storage device.
  • IT professionals who want to implement organisation controls over the use of USB block storage devices

What settings are added or changed in Windows XP SP2?

  • Setting Name: WriteProtect
  • Location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\
             Control\StorageDevicePolicies
  • Default Value: DWORD=0
  • Possible Values: 0 – Disabled, 1 – Enabled

More Information:
http://tinyurl.com/4pkv4
http://tinyurl.com/4ocmm

Published by

Amit Bahree

This blog is my personal blog and while it does reflect my experiences in my professional life, this is just my thoughts. Most of the entries are technical though sometimes they can vary from the wacky to even political – however that is quite rare. Quite often, I have been asked what’s up with the “gibberish” and the funny title of the blog? Some people even going the extra step to say that, this is a virus that infected their system (ahem) well. [:D] It actually is quite simple, and if you have still not figured out then check out this link – whats in a name?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.