You may someday need to disable the USB ports on your computer so that no one can connect any USB devices to it. In the office, for example, disabling USB ports can help prevent computers from being stolen or infected with viruses or other malware.
Disable USB ports in BIOS settings
- Enter BIOS
- After you have moved to BIOS settings, search the Advanced (Advanced BIOS features) menu for options to enable or disable the USB ports.
- Make sure all USB and Legacy USB Support options are disabled (disabled or off).
- After the changes have been made, save the settings and exit. As a rule, you need to press F10.
- After rebooting the computer, check the functionality of the USB ports, make sure they are disabled.
Disabling USB in Windows
If your computer's BIOS does not have an option to disable USB ports, or if the BIOS does not disable all ports, and you are running Windows XP, Vista, 7, or 8, follow these steps:
Note: You will need to edit Windows registry. Be aware that changing registry values can cause errors or cause the system to not boot at all.
Tip: The tip below only lets you unplug USB storage devices (such as a flash drive). USB devices, such as keyboards and mice will still work.
1. Open the Windows registry by typing regedit command in the search field ("Run") by clicking on the "Start" button.
2. After you have entered the registry editor, go to the branch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
3. In USBSTOR, look for the DWORD value " start", double click on it and change the value to " 4 ", and then click on "OK".
4. Close Registry Editor and next time Windows boot USB will not work.
Tip: If you need to re-enable USB after following the steps above, follow these steps again and change the value from "4" to "3".
Attention: The above steps only work when the driver for the mass storage controller has already been installed. If you are doing this for security reasons and the driver has not been installed, then the value will change to 3 when the user plugs in a storage device and Windows installs the drivers.
You can use ready-made bat files to enable / disable usb ports.
https://yadi.sk/d/jGMdhaNDEBE3W
USB physical disconnect
Although this is often not possible, there is an option to disable the USB ports physically on system board. If the USB ports are on the front or top panel computer, you can simply unplug the USB cable.
Disabling USB ports is recommended as a precaution, namely when connecting flash drives, external drives or other USB devices in order to infect your computer with all sorts of viruses or data theft. It is for these reasons that many IT people in offices and companies block access to them. Without bothering with any programs for these purposes or other settings, they simply disconnect from the motherboard.
Below I will give some examples with descriptions, how to disable usb ports on computer.
Disable USB in BIOS
We go into Bios, for this, while turning on or rebooting the PC, press the Delete key on the keyboard. Go to the Advanced (Advanced BIOS features) section, where we are interested in the next Legacy USB Support option. By default, it has the position Enabled, change to Disabled.
We save the changed values by pressing the hot key F10 and exit.
Through the registry
Using +R, open the Run window and enter the Windows command "regedit" (without quotes). In the editor, go to the branch
Microsoft Registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR |
We find the DWORD parameter "Start" and change its value to "4".
Reboot by clicking the "OK" button.
PS: How to enable USB ports? Change the value back to "3".
device Manager
Open the "Start" menu, right-click on "Computer" and go to "Properties". On the left side of the screen, click on the "Device Manager" link. In the displayed list, look for the item “USB Controllers”, open it and deactivate it with the mouse.
Going to "Properties".
Then " Driver"And then click the button shown in the screenshot below.
Removing USB Controller Drivers
An option that also has a place to be. Just use a program, for example, Ccleaner, to remove drivers from your computer. reverse side is that when you restart your PC it will check for these and install them. Which again will re-open access to the ports.
Fix It Utility
You can download it and at the same time find out how you can deny access using it at this link https://support.microsoft.com/en-us/kb/823732.
With the help of programs
There are enough applications - there are still a lot, you can’t list them all, but I would like to become one on one. Its name is USB Ports Disabler. Download from the link. We start and then everything is intuitively clear.
First, press the button highlighted in the figure below
We confirm our action. And everything is ready!
To enable again, go through the above procedure by clicking on "Enable".
Local Group Policy Editor
a) Open "Run" again, enter "gpedit.msc" and "OK".
b) We go along the branch "Computer Configuration" -> "Administrative Templates" -> "System" -> "Access to Removable Storage Devices"
c) Find the section " Removable drives» "Prohibit reading". Change the value to "Enable".
That's actually all I wanted to tell you today. Leave your feedback and suggestions in the comments below the post. Thank you.
Please note, I'm not talking about installing additional free software, because I know from experience that by closing a hole with free software, you risk opening five more. I suggest using the built-in functions of the OS.
I know from experience that in order to save money, small companies put such versions of “Home Basic” or “Home Premium” on staff machines (well, they only put it if the company tries to work legally and does not want a fine for illegal software. And those companies that are not afraid of checks then put all pirated software and do not suffer))).
And on the versions "Home Basic" and "Home Premium" there are no snap-ins inherent in older brothers. And closing ports using group policies will not work. Therefore, we need to block access directly to the executable files that start the initialization of devices connected to USB ports.
Let's say that there are 3 users on the machine, "Operator", "Manager" and "Administrator" in the groups Administrators and Users
It is necessary to make sure that only the user under the "Administrator" account can use the flash drive.
We turn on the computer, go under the administrator account, open the explorer and write "%SystemRoot%\inf\"(hereinafter in the text copy without quotes).
Next in the search we write "USB"
Outputs approximately 18 items. (depending on what system is, OS version, installed additional drivers for USB)
We need essentially only 8 files.
usb.inf
usbstor.inf
usbport.inf
winusb.inf
usb.PNF
usbstor.PNF
usbport.PNF
winusb.PNF
Then we need to close access to these files to other users. Right click on the file "usbstor.inf" -> "properties"
Go to tab "safety", and press the button "change"
Then we select the users we need to disable. We have this "Operator", "Manager" and "System". If we need to disable all accounts that belong to the "Users" group (these are "Operator" and "Manager"), then we simply put a ban on the group. If only a specific one, let's say "Operator", then we select specifically this account.
Attention account"System" also needs to set a ban on the use of the file.
Then we set a ban on use, switch to another user and also set bans. When the right users will be disabled (I only have "system" and "users")
press the "OK" button
There will be a warning that this will lead to the fact that access to the file will be unavailable and all that (if you wish, you can read it), press the "OK" button again.
Again we read the message about whether we want to do this exactly (if you wish, you can read it), press the “OK” button again.
And we repeat this procedure for the next 7 files.
usb.inf
usbport.inf
winusb.inf
usb.PNF
usbstor.PNF
usbport.PNF
winusb.PNF
If this is only an installed OS, then everything is in order and, in theory, access to the flash drive will not be available to selected users. However, if flash drives were already connected to this system by those users who needed to disable access to flash drives, then you will need to change the key in the registry.
Click start -> write regedit -> open registry
Open the "USBSTOR" folder
and change the value of the "Start" parameter to 4
Tags: disable, usb ports, flash drive
Outsiders, unauthorized usb media in work computers can cause great harm to the entire corporate local network: from the failure of the network as a whole, to the theft of corporate data.
Therefore, many system administrators do not allow "users" to use the so-called "flash drives" on workstations and, if possible, try to disable usb ports. This is not as difficult to do as it seems at first glance (and you don’t even need to fill usb ports with mounting foam, although this does happen).
You can simply disable or even delete the "usb controller" in the "Device Manager", but normal installation drivers will nullify all efforts.
How to programmatically disable the usb port?
The method described below concerns editing the registry to block usb media, but without touching the keyboard, mouse and other working components of the computer.
So, you can disable usb ports on your computer as follows:
Open the registry by running the "regedit" command;
- - further, in the directory, go to the address "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR";
- - in the right part of the window, find the line "Start" and open it by double-clicking the mouse or right-clicking and "Change";
- - by default, the line "Value" should contain the number "3" i.e. she allows usb connection media to a computer with pre-installed usb controller drivers;
- - so, that's it in this line - "Value" and you need to change the number "3" to "4", which will block the connected usb media.
It is necessary to change the registry in this way on all computers in the local network.
How to turn off usb power on a windows computer?
And an important point: you need to restrict the user's rights to access the registry editor, because in order to allow connecting usb media, you only need to change the value back to the number "3".
You can simply limit yourself to setting the ban on editing the registry using "Group Policy" and set the value to "Deny access to registry editing tools" (or "Make registry editing tools unavailable")
This item is located in the "Group Policy" - "User Configuration" - "Administrative Templates" - "System" section
Sometimes it becomes necessary to disable USB ports on a computer or laptop in order to restrict access to connecting flash drives, hard drives and other USB devices. Disabling the USB ports will help prevent the connection of any drives that could be used for theft important information or cause a computer to become infected with a virus and spread malware software over the local network.
Restricting access to USB ports
Consider 7 ways, with which you can block USB ports:
- Disabling USB through BIOS settings
- Changing registry settings for USB devices
- Disabling USB ports in device manager
- Uninstalling USB Controller Drivers
- Using Microsoft Fix It 50061
- Usage additional programs
- Physical disabling usb ports
1. Disabling USB ports through BIOS settings
- Enter BIOS settings.
- Disable all items related to the USB controller (for example, USB Controller or Legacy USB Support).
- After you have made these changes, you need to save the settings and exit the BIOS. This is usually done with the key F10.
- Restart your computer and make sure the USB ports are disabled.
2. Enable and disable USB drives using the registry editor
If disabling via BIOS does not suit you, you can block access directly in Windows itself using the registry.
The instructions below allow you to block access to various USB drives (for example, flash drives), but other devices such as keyboards, mice, printers, scanners will still work.
- Open the Start menu -> Run, type " regedit and click OK to open the Registry Editor.
- Proceed to the next section
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
- On the right side of the window, find the item " start” and double click on it to edit it. Enter value " 4 » to block access to USB storage devices. Accordingly, if you enter again the value " 3 ”, access will be re-opened.
Click OK, close Registry Editor, and restart your computer.
The above method only works when installed driver USB controller. If for security reasons the driver has not been installed, the value of the "Start" parameter can be automatically reset to "3" when the user connects USB stick and Windows will install the driver.
3. Disabling USB ports in Device Manager
- Right click on the icon " Computer» and select context menu item "Properties". A window will open on the left side of which you need to click on the link " device Manager».
- In the device manager tree, find the item " USB controllers' and open it.
- Disable the controllers by clicking the right mouse button and selecting the Disable menu item.
This method doesn't always work. In the example shown in the figure above, disabling the controllers (the first 2 points) did not lead to the desired result. Disabling the 3rd item (USB mass storage device) worked, but it only allows you to disable a single instance of the USB drive.
4. Remove the USB controller drivers
As an option to disable ports, you can simply uninstall USB driver controller. But the disadvantage of this method is that when the user connects a USB drive, Windows will check for drivers and, if they are not available, will offer to install the driver. This in turn will open access to the USB device.
5. Prevent users from connecting USB storage devices using the application from Microsoft
Another way to disable access to USB drives is to use Microsoft Fix It 50061(http://support.microsoft.com/kb/823732/ru - the link may open in a few minutes). The essence of this method lies in the fact that 2 conditions for solving the problem are considered:
- The USB stick has not yet been installed on the computer
- The USB device is already connected to the computer
Within the framework of this article, we will not consider this method in detail, especially since you can study it in detail on the Microsoft website using the link above.
It should also be taken into account that this way Not suitable for all versions of Windows OS.
6. Using programs to disable / enable access to USB storage devices
There are many programs for setting the access restriction to USB ports. Consider one of them - the program USB Drive Disabler. You can download it from the following link. After entering your name and address Email You will receive an email with a download link.
The program has a simple set of settings that allow you to deny / allow access to certain drives. Also, USB Drive Disabler allows you to configure alerts and access levels.
7. Disconnecting USB from the motherboard
Although physically disabling the USB ports on motherboard is an almost impossible task, you can disable the ports located on the front or top of the computer case by disconnecting the cable that goes to the motherboard. This method will not completely close access to USB ports, but it will reduce the likelihood of using drives by inexperienced users and those who are simply too lazy to connect devices to the back of the system unit.
! Addition
Deny access to removable media through the Group Policy Editor
In modern Windows versions it is possible to restrict access to removable storage devices (including USB drives) using the local editor group policy.
- Run gpedit.msc through the Run window (Win + R).
- Go to the next branch " Computer Configuration -> Administrative Templates -> System -> Removable Storage Access»
- On the right side of the screen, find the item "Removable drives: Deny reading."
- Activate this option ("Enable" position).
This section of Local Group Policy allows you to configure read, write, and execute access for different classes of removable media.
