Restrict USB access on Windows Home
- 28 Sep 2023
The following PowerShell script helps IT admins block USB storage devices such as pen drives, external HDDs, and SSDs.
- Create a file on your desktop, for example, restrict_usb_access.ps1, and open it in a text editor like Notepad++.
- Copy the contents below to the file or click here to download the file.
```powershell
# This script helps to restrict USB access
# Computer restart is required for changes to take effect (uncomment last line to restart computer via this script)
# Update below variables with value 1 (i.e. enable) or 0 (i.e. disable)
$Deny_Read = 1
$Deny_Write = 1
$Deny_Execute = 1
$Deny_All = 1

# PowerShell provider paths (HKLM:\) and the reg.exe equivalents (HKLM\)
$USBStorageRegKey = 'HKLM:\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$USBStorageRegKeyEx = 'HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$StorageRegKey = 'HKLM:\Software\Policies\Microsoft\Windows\RemovableStorageDevices'
$StorageRegKeyEx = 'HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices'
$USBRegKey = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$DenyReadRegName = 'Deny_Read'
$DenyWriteRegName = 'Deny_Write'
$DenyExecuteRegName = 'Deny_Execute'
$DenyAllRegName = 'Deny_All'

# Create the policy key if it does not exist yet
$exists = Test-Path $USBStorageRegKey
if (!$exists) {
    New-Item -Path $StorageRegKey -Name $USBRegKey -Force | Out-Null
}

# For each setting: 1 writes the value, 0 deletes it if present
if ($Deny_Read) {
    reg add $USBStorageRegKeyEx /v $DenyReadRegName /t REG_DWORD /d 1 /f
} else {
    try {
        $Read = Get-ItemPropertyValue $USBStorageRegKey -Name $DenyReadRegName
        if ($null -ne $Read) { reg delete $USBStorageRegKeyEx /v $DenyReadRegName /f }
    } catch { }
}

if ($Deny_Write) {
    reg add $USBStorageRegKeyEx /v $DenyWriteRegName /t REG_DWORD /d 1 /f
} else {
    try {
        $Write = Get-ItemPropertyValue $USBStorageRegKey -Name $DenyWriteRegName
        if ($null -ne $Write) { reg delete $USBStorageRegKeyEx /v $DenyWriteRegName /f }
    } catch { }
}

if ($Deny_Execute) {
    reg add $USBStorageRegKeyEx /v $DenyExecuteRegName /t REG_DWORD /d 1 /f
} else {
    try {
        $Execute = Get-ItemPropertyValue $USBStorageRegKey -Name $DenyExecuteRegName
        if ($null -ne $Execute) { reg delete $USBStorageRegKeyEx /v $DenyExecuteRegName /f }
    } catch { }
}

# Deny_All is written to the parent RemovableStorageDevices key
if ($Deny_All) {
    reg add $StorageRegKeyEx /v $DenyAllRegName /t REG_DWORD /d 1 /f
} else {
    try {
        $DenyAll = Get-ItemPropertyValue $StorageRegKey -Name $DenyAllRegName
        if ($null -ne $DenyAll) { reg delete $StorageRegKeyEx /v $DenyAllRegName /f }
    } catch { }
}

#Restart-Computer -Force
```
- Choose the Execution level as: Device level.
- The script changes the below registry values of RemovableStorageDevices to 'Enabled':
'Deny_Read' ; 'Deny_Write' ; 'Deny_Execute' ; 'Deny_All'
- Updating the above variables with the value 1 means enable and 0 means disable. For example, the value 1 below will block access.
```powershell
$Deny_Read = 1
$Deny_Write = 1
$Deny_Execute = 1
$Deny_All = 1
```
- So, when you connect a removable USB storage device to your Windows computer, you will be able to see the drive in My Computer, but access to it will be blocked. For example, in the image below, an SSD is connected to the device, but access to the USB drive at D:\ is blocked.
- Once the script has executed successfully, a computer restart is required for the changes to take effect.
- You will be able to see the status of the script in the View Status report on the Scalefusion dashboard.
- Follow our guide to upload & publish the PowerShell script using Scalefusion Dashboard.
Please note that to use the PowerShell scripts, the Scalefusion MDM Agent Application must be installed on the device(s). Please follow our guide to publish and install the Scalefusion MDM Agent Application.
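To confirm the result on a device, the following added example (not part of the original Scalefusion script) reads back the same registry values and reports whether each one matches the intended setting. The function name `Get-UsbRestrictionState`, its `-Expected` parameter and the output fields are assumptions made for illustration; it reports what is configured in the registry, which takes effect after the restart.

```powershell
# Added example: audits the registry values written by the script above.
# Function name, parameter and output shape are illustrative assumptions.
function Get-UsbRestrictionState {
    [CmdletBinding()]
    param(
        # Intended state per value: 1 = value should be set, 0 = should be absent
        [hashtable]$Expected = @{ Deny_Read = 1; Deny_Write = 1; Deny_Execute = 1; Deny_All = 1 }
    )

    $base = 'HKLM:\Software\Policies\Microsoft\Windows\RemovableStorageDevices'
    $disk = Join-Path $base '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'

    # Deny_All lives on the parent key; the other three live under the GUID subkey
    $locations = [ordered]@{
        Deny_Read    = $disk
        Deny_Write   = $disk
        Deny_Execute = $disk
        Deny_All     = $base
    }

    foreach ($name in $locations.Keys) {
        $key = $locations[$name]
        $actual = $null
        if (Test-Path -LiteralPath $key) {
            # A missing value produces no output instead of an error
            $item = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $actual = $item.$name }
        }
        $isSet = ($actual -eq 1)
        [pscustomobject]@{
            Name      = $name
            Key       = $key
            Value     = $actual
            IsSet     = $isSet
            Compliant = ($isSet -eq [bool]$Expected[$name])
        }
    }
}

$state = Get-UsbRestrictionState
$state | Format-Table Name, Value, IsSet, Compliant -AutoSize

# When run as a script file, a non-zero exit code signals drift from the intended state
if ($state.Compliant -contains $false) { exit 1 }
```

Pass a different `-Expected` hashtable if any of the four variables in the deployment script was set to 0.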
Notes:
1. The scripts and their contents are sourced from various, albeit authenticated, Microsoft sources and forums.
2. Please validate the scripts on a test machine before deploying them on all your managed devices.
3. Scalefusion has tested these scripts, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these scripts.