by May 2, 2011 0 comments

The Universal Serial Bus or the USB port has emerged as the defacto standard and an easy medium for data transfer. USB pen drives, extrenal disk drives, or even USB data cards, etc depend upon this port for easy connectivity and data transfer. Most mobile phones are coming up with chargers which can connect to USB port to charge themselves as well as to connect to the computer using the mini USB data cord. Therefore, there is no debate regarding the usability and the effectiveness and ease of usage of this port. However, this extreme ease and effectiveness can prove to be a bane as well for organizations wanting to protect their important data. A 1 GB USB stick can sometimes hold an entire company’s vital data. Within minutes or even seconds an employee can steal all the files he need to start up his own business and take away all the customers with him. Also, USB keys are not just a popular way to sneak data out from company, disgruntled employees may use USB ports for delivering Trojans or spyware into your company network.

Applies To: Network Admins
USP: Learn how to prevent data theft from USB ports
Primary Link:: None
Search Engine Keywords: USB port locking, blocking USB ports

Most computing devices come with a USB port these days. Hence it becomes extremely important for your IT team to keep a tab on the usage of this port for data transfer and to block it if required. Here are some ways to block the USB ports on various systems in your organization.

Block from BIOS

It can be enabled or disabled from a system’s BIOS where the peripheral device settings are configured. While booting the system, there is an option to configure BIOS settings. The only problem with this approach is that you will not be able to use those USB ports for any purpose like connecting USB keyboards or mouse or any devices. Some versions of BIOS are password protected by admin and thus nobody can hack open the setting to enable USB functionality.

Disable through
device manager

Another way to restrict the usage of USB ports can be by blocking their functioning through device manager settings. You can do this by Right clicking on ‘My Computer’and select ‘Manage’ option, a new window will appear. Here select ‘System Tools’ and click on ‘Device Manager’. On the right side of the window pane, a list will appear that will show you the components attached to your system. Select the USB port, right click and disable the port. This requires Admin rights and thus the employees cannot do so without admin’s consent.

Change registry settings

Both of the previous approaches can prove to be counter-productive as your staff can no longer connect USB keyboards, wireless mouse, digital cameras, camcorders, scanners, printers or even USB microphones to their computers. So a better option is to disable write access to the USB port so that data files cannot be copied to USB storage devices. Any external USB based storage device would appear as read only. An effective way of doing this is by tweaking your Windows Registry. It will allow you to use your USB port for other functions like connecting keyboard or mouse but it will not allow copying data to external USB storage devices. Here’s how.

A. Click on Start —> Run —> regedit [enter]
B. Search for the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor”
C. Select the key UsbStor, double click on Start value.
D. In “Value data”, enter 4 to disable USB storage, or enter 3 to enable USB storage on Windows system

Use third party software

Use of a third party software more or less simulates the above processes in some form or the other. There are software like IntelliAdmin USB Disabler Pro. This can be downloaded from

This software allows you to prevent unauthorized use of USB flash drives and memory sticks, without interfering with keyboards, scanners, or mice. The setup wizard picks the ‘Administrators’ group as the default option. You can select your own custom security group by selecting the second option and typing in its name. USB Disabler is active and ready to block access to USB flash drives when they are plugged in. The admin has the option of allowing a particular ID flash drive to work. Also, when the Admin logs in through the authorized account, he gets the full usage of USB ports. Group policy can be used to deploy USB Disabler across your network. This in conjunction with the group policy ADM template is easy to manage USB Disabler over large networks.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.