There's a Group Policy defenition available on XP Pro to disable removable devices, but for those stuck with 2K or who have standalone PCs, or who otherwise don't use Group Policy, someone showed me a real nifty trick.

Remove all permissions from the USB storage device driver INF file.

Yes, even SYSTEM.

This can be done from any 2K or XP system, even XP Home Edition, if the system drive uses NTFS:

cacls usbstor.inf /p SYSTEM:N

cacls usbstor.pnf /p SYSTEM:N

Here are more details including how to undo it:

http://www.everything2.com/index.pl?node_id=1718364

What this does is hides the device driver information from the operating system, so Windows does not automatically install new memory devices as they're connected. Removing the files will cause Windows File Protection to replace them, but simply removing permissions to them does not invoke WFP. Devices that have already been connected will still work, but if you connect them and then manually uninstall them with Device Manager, they won't come back.

Windows will auto-install a device driver for a USB stick even for limited users, since the driver's present already, but doing this hack hides the driver from Windows and then throws up the "Only an admin can install this" dialog.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11397/33923#33923