有没有一种编程的方法可以在保持USB端口对键盘和鼠标这类设备功能正常的同时,禁用USB存储设备?
4个回答
7
摘自此处,未经测试:
Directions for Use:
1.) Take the following blue text, copy it, and paste it into a text document. Then, save it as USBSTOR.ADM.
CLASS MACHINE
CATEGORY "Custom Policies"
KEYNAME "SYSTEM\CurrentControlSet\Services\UsbStor"
POLICY "USB Mass Storage Installation"
EXPLAIN "When this policy is enabled, USB mass storage device permissions can be changed by using the drop down box.
Selecting 'Grant Permission' will allow USB mass storage devices to be installed. Selecting 'Deny Permission' will prohibit
the installation of USB mass storage devices.
IF REMOVING THIS POLICY: Reset to original setting and let policy propegate before deleting policy."
PART "Change Settings:" DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME "Grant Permission" VALUE NUMERIC 3 DEFAULT
NAME "Deny Permission" VALUE NUMERIC 4
END ITEMLIST
END PART
END POLICY
END CATEGORY
2.) Open a group policy management console (gpedit.msc), and right click on "administrative templates" under "Computer Configuration". Select "Add/Remove Templates".
3.) Browse to the text document you just saved and click OK. You'll now see "Custom Policies" under "Administrative Templates". Right click on it, select "View", then select "Filtering". Uncheck the bottom box, labeled "Only show policy settings that can be fully managed".
4.) Click ok. Now you'll see the USB policy available for use under the custom policy heading. From there, you can enable or disable it just like any other policy.
或者(在XP SP3上测试过可禁用USB存储设备)
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR" /v Start /t REG_DWORD /d 4 /f
(启用USB存储设备,已在XP SP3上测试)
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR" /v Start /t REG_DWORD /d 3 /f
- PabloG
1
然而,这些更改似乎并不是立即生效的。发出gpupdate命令似乎没有帮助,需要重新启动吗? - NiteRain
4
我们可以使用以下批处理文件来禁用和启用USB存储。
Disable_usb_storage.bat
禁用USB存储的批处理文件:@echo off
:: Disable USBstor driver
reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 4 /f
:: USB Read Only Mode
reg add HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /v WriteProtect /t REG_DWORD /d 1 /f
:: USB Disable startup
reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Boot /t REG_DWORD /d 0 /f
rem reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v System /t REG_DWORD /d 1 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Auto Load /t REG_DWORD /d 0 /f
:: Disable read permissions on USBstor driver
:: Remove Access for Users from files
cacls %SystemRoot%\inf\usbstor.inf /E /R users
cacls %SystemRoot%\inf\usbstor.PNF /E /R users
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R users
cacls %SystemRoot%\inf\usbstor.inf /E /D users
cacls %SystemRoot%\inf\usbstor.PNF /E /D users
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D users
:: Remove Access for System
cacls %SystemRoot%\inf\usbstor.inf /E /R system
cacls %SystemRoot%\inf\usbstor.PNF /E /R system
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R system
cacls %SystemRoot%\inf\usbstor.inf /E /D system
cacls %SystemRoot%\inf\usbstor.PNF /E /D system
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D system
:: Remove Access for ower Users
cacls %SystemRoot%\inf\usbstor.inf /E /R "Power Users"
cacls %SystemRoot%\inf\usbstor.PNF /E /R "Power Users"
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R "Power Users"
cacls %SystemRoot%\inf\usbstor.inf /E /D "Power Users"
cacls %SystemRoot%\inf\usbstor.PNF /E /D "Power Users"
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D "Power Users"
:: Remove Access for Administrators
cacls %SystemRoot%\inf\usbstor.inf /E /R Administrators
cacls %SystemRoot%\inf\usbstor.PNF /E /R Administrators
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R Administrators
cacls %SystemRoot%\inf\usbstor.inf /E /D Administrators
cacls %SystemRoot%\inf\usbstor.PNF /E /D Administrators
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D Administrators
:: Remove Access for EveryOne
cacls %SystemRoot%\inf\usbstor.inf /E /R Everyone
cacls %SystemRoot%\inf\usbstor.PNF /E /R Everyone
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /R Everyone
cacls %SystemRoot%\inf\usbstor.inf /E /D Everyone
cacls %SystemRoot%\inf\usbstor.PNF /E /D Everyone
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D Everyone
REM ::USB_REG_PERMISSION_changes
:: If parameter recover then undo all this
IF [%1]==[enable] GOTO Enable
:: Create a temporary .REG file - DISABLE USB
> "%Temp%.\u1.ini" ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR [0 0 0 0]
regini "%Temp%.\u1.ini"
DEL "%Temp%.\u1.ini"
:Exit
:: Leave state
-----------------------------------------------------------------
========================================
Enable_usb_storage.bat
----------------------------------------------
@echo off
:: Enable USBstor driver from registry
reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 3 /f
:: Enable USBstor READ / Write mode
reg add HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /v WriteProtect /t REG_DWORD /d 0 /f
REM :: Remove permissions of actual USBSTORAGE Files
:: Provide Access for Users from files
cacls %SystemRoot%\inf\usbstor.inf /E /G users:F
cacls %SystemRoot%\inf\usbstor.PNF /E /G users:F
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /G users:F
rem cacls %SystemRoot%\inf\usbstor.inf /E /D users
rem cacls %SystemRoot%\inf\usbstor.PNF /E /D users
:: Provide Access for System
cacls %SystemRoot%\inf\usbstor.inf /E /G system:F
cacls %SystemRoot%\inf\usbstor.PNF /E /G system:F
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /G system:F
rem cacls %SystemRoot%\inf\usbstor.inf /E /D system
rem cacls %SystemRoot%\inf\usbstor.PNF /E /D system
:: Provide Access for ower Users
cacls %SystemRoot%\inf\usbstor.inf /E /G "Power Users":F
cacls %SystemRoot%\inf\usbstor.PNF /E /G "Power Users":F
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /G "Power Users":F
rem cacls %SystemRoot%\inf\usbstor.inf /E /D "Power Users"
rem cacls %SystemRoot%\inf\usbstor.PNF /E /D "Power Users"
:: Provide Access for Administrators
cacls %SystemRoot%\inf\usbstor.inf /E /G Administrators:F
cacls %SystemRoot%\inf\usbstor.PNF /E /G Administrators:F
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /G Administrators:F
rem cacls %SystemRoot%\inf\usbstor.inf /E /D Administrators
rem cacls %SystemRoot%\inf\usbstor.PNF /E /D Administrators
:: Provide Access for EveryOne
cacls %SystemRoot%\inf\usbstor.inf /E /G Everyone:F
cacls %SystemRoot%\inf\usbstor.PNF /E /G Everyone:F
cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /F Everyone:F
rem cacls %SystemRoot%\inf\usbstor.inf /E /D Everyone
rem cacls %SystemRoot%\inf\usbstor.PNF /E /D Everyone
rem cacls %SystemRoot%\system32\drivers\USBSTOR.SYS /E /D Everyone
REM ::USB_REG_PERMISSION_changes
:: If parameter recover then undo all this
IF [%1]==[enable] GOTO Enable
:: Create a temporary .REG file - DISABLE USB
> "%Temp%.\u1.ini" ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR [1 5 8 11 17]
regini "%Temp%.\u1.ini"
DEL "%Temp%.\u1.ini"
:Exit
:: Leave state
- user308111
3
我还没有测试过,但它看起来很合理。好的一点是,如果设备已经被使用过至少一次,导致创建了usbstor设备,它会执行所需的注册表编辑,并对usbstor项目进行用户访问修改。 - Richard Chambers
另一个想法是,为了启用USB存储以供需要访问的人使用,您需要运行命令“net start usbstor”来打开服务,并运行命令“net stop usbstor”来关闭它。请参见http://diaryproducts.net/about/operating_systems/windows/disable_usb_sticks。 - Richard Chambers
我发现的一个问题是,由于访问被拒绝,尝试重新启用非常麻烦。因此,基本上一旦您计划启用,就必须更改文件的所有权。 - Vnge
0
最简单的方法是创建一个包含更改后的注册表值的.reg文件,然后使用WA运行一个类似于以下命令的dos命令:
regedit.exe /s pathto.regfile
- Hossam Zein
0
- 首先重新启动您的计算机
- 打开注册表
HKEY_LOCAL_MACHINE- System
- CurrentControlSet
- Service
- USBstore
- 将禁用设置为
4,将启用设置为3
- ankit moradiya
网页内容由stack overflow 提供, 点击上面的可以查看英文原文,
原文链接
原文链接