Prevent Ordinary Users From Installing Devices

by Mitch Tulloch [Published on 6 April 2005 / Last Updated on 6 April 2005]

Enhance security by preventing ordinary users from being able to install devices.

Normally in Windows 2000/XP only administrators have sufficient rights to install new hardware on a machine, but PnP provides a way around that in some cases. This is because there are two ways in which PnP can install new hardware: server- or client-side installation. To prevent ordinary users from being able to install PnP devices, you can delete the Driver.cab file, which contains all of the device drivers included with your release version of Windows. This file is found in the C:\Windows\Driver Cache\I386 folder on a desktop system, but it's a hidden file so you have to change your folder options to view it. If you delete this file on a user's machine, then when a user connects a new device to his or her machine and the PnP Manager starts the install process, it won't find a driver locally and will prompt the user for administrator credentials to complete the installation. If you've kept your system patched and up to date with the latest service pack then also be sure to delete the sp*.cab file found in the same folder because this file also contains drivers for supported devices.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links