Secure USB ports

by Mitch Tulloch [Published on 1 Dec. 2005 / Last Updated on 1 Dec. 2005]

How to prevent users from downloading sensitive files using USB keys.

USB ports on desktop computers pose a security risk in many environments. This is because simply by inserting a USB flash drive or key into these ports, users can download sensitive files from their computers and transport them off site, possibly in contravention of your corporate security policy.

In Windows XP SP2 you can prevent this with a registry tweak that makes any USB devices plugged into your machine read-only, so users can't transfer files to them. To do this, go to HKLM\System\CurrentControlSet\Control and create a new key named StorageDevicePolicies. Then, within this key, create a REG_DWORD value named WriteProtect and set it equal to 1.

If desired you could create a .reg file for this tweak and distribute it using a logon script, or you could create a custom ADM template for Group Policy that includes this new setting.
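One way to script the tweak so that it can be deployed and then verified on each machine, as an added example that is not part of the original article: it creates the StorageDevicePolicies key if it is missing, sets WriteProtect to 1, and returns a non-zero exit code when the value could not be applied. Assumptions: PowerShell is available on the target machine, the script runs in a context that is allowed to write to HKLM, and the function names are hypothetical.

```powershell
# Added example: enforce and verify the WriteProtect value described above.
# Assumption: runs with rights to write under HKLM (administrative context).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
$ValueName = 'WriteProtect'
$Desired   = 1

function Get-UsbWriteProtect {
    # Returns the current value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-UsbWriteProtect {
    # Create the key only when it does not exist yet.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force -ErrorAction Stop | Out-Null
    }
    # -Force overwrites an existing value, including one of the wrong type.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Desired -Force -ErrorAction Stop | Out-Null
}

$before = Get-UsbWriteProtect
if ($before -ne $Desired) {
    try {
        Set-UsbWriteProtect
    }
    catch {
        # Typical cause: the script is not running with administrative rights.
        Write-Error "Could not write ${KeyPath}: $_"
        exit 1
    }
}

# Read the value back so the deployment log records the real end state.
$after = Get-UsbWriteProtect
if ($after -eq $Desired) {
    Write-Output "WriteProtect=$after on $env:COMPUTERNAME (was: '$before')"
    exit 0
}

Write-Error "WriteProtect is '$after' on $env:COMPUTERNAME, expected $Desired"
exit 1
```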

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see .
