deny access to external device

[gnasen]

hey guys,
for a possible job I need to know, if there is any way on windows (XP, Vista, 7) to modify an external device that it cant be read and modified by another PC. This means, that too example an USB stick can only be read by PCs of my choice.

Any ideas?

[Little John]

Hi,

maybe this suits your needs (page in German):

HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Control\ StorageDevicePolicies
WriteProtect = 1

Another possibility is to encrypt the whole USB drive, e.g. using TrueCrypt.

Regards, Little John

[gnasen]

This may be an option, but it seems, that this works only for the PC you change the registry. It would be needed, that the stick wont be accessible (or the content editable) on any other PC. I think this cant be done, but I often read surprising things in this board

Here something about the background: A company has the problem, that very often some users take USB from work to home and infect them. As a solution, the USB sticks should only work, if a special application is installed.

[PB]

At my workplace, NO usb devices can be used at all. If I plug one in,
and try to open it, it says the device is unavailable (or something).

The dumb thing is, the company has NOT disabled CD-ROMs! So I can
just use a rewritable disc to bring things in to run at work! Stupid IT
department!

[Little John]

Here something about the background: A company has the problem, that very often some users take USB from work to home and infect them. As a solution, the USB sticks should only work, if a special application is installed.

It depends ... I assume the users do not do so deliberately, but it happens accidentally, right?

Maybe the company can format the respective USB drives with a file system, that is by default not supported by Windows (e.g. Ext3)? Then on the computers at work, they have to install the proper drivers, and the employees cannot access these USB drives at home. Or do the employees actually need to READ the drives at home? Then an engineer of the company can install software on their home computers, that only allows reading that file system, but no writing.

IMHO best would be a "human solution" rather then a technical one: Tell the employees not to do strange things with these USB drives. But I know that this often does not work.

Regards, Little John

[Mohawk70]

Maybe the company can format the respective USB drives with a file system, that is by default not supported by Windows (e.g. Ext3)? Then on the computers at work, they have to install the proper drivers, and the employees cannot access these USB drives at home.

Any user with Linux installed would be able to access the drive anyway, would they not ?

[Little John]

Maybe the company can format the respective USB drives with a file system, that is by default not supported by Windows (e.g. Ext3)? Then on the computers at work, they have to install the proper drivers, and the employees cannot access these USB drives at home.

Any user with Linux installed would be able to access the drive anyway, would they not ?

It depends ... I assume the users do not do so deliberately, but it happens accidentally, right?

[PureLust]

A company has the problem, that very often some users take USB from work to home and infect them. As a solution, the USB sticks should only work, if a special application is installed.

We also were looking for somekind solution a few month ago.
If a comercial Solution will Be acceptable for you, you may have a Look at CynapsPro - Data Endpoint Protection.
Also Secure it Easy may be an acceptable Solution for less than 15€/PC.

Last but Not least, there is a promising Freeware available: USB-Bouncer.

Greetz, PL.

[utopiomania]

Maybe you could detect the USB like this and do something, like accept it or format it straight away

Code: Select all

procedure deviceEventCallback(windowID, message, wParam, lParam)
  protected result, drive.s
  ;callback procedure to handle camera connect/disconnect events
  result = #PB_PROCESSPUREBASICEVENTS
  select message
    case QueryCancelAutoPlay
      ;disable Autorun
      result = 1
    case #WM_DEVICECHANGE
      select wParam
        case #DBT_DEVICEARRIVAL, #DBT_DEVICEREMOVECOMPLETE        
          ;removable device inserted or removed
          numFiles = 0
          srcPath = ""
          drvLetter = findCamera()
          if len(drvLetter)
            ;camera connected
            srcPath = drvLetter + "DCIM\"
            numFiles = getAllsrcFiles(srcPath, fileExt.s, numFiles, 0, 0, 1)
          endIf
          ;Update step2
          setGadgetText(#WEB, wizardStep2())
      endSelect
  endSelect
  procedureReturn result  
endProcedure