win 2000 disable removeable drives per user

wyntrblue · 28 November 2006 14:35

as title really,

i need to disable the use of removable drives on win2000 boxes on a per user basis. i need to do it with a reg hack rather than with AD as the machines not on a AD domain.

need to lock out…

floppy
cdrom drives
usb drives…

HELP!

/edit

i have found a *.adm to do the job but cant use it due to lack of domain…

jontyc · 28 November 2006 15:15

the .adm just edits the registry - open it in notepad (.adm) and see which keys it edits

this any use http://www.raymond.cc/blog/archives/2006/05/04/how-to-disable-removable-storage-devices-such-as-usb-drives/

and

http://www.intelliadmin.com/blog/2006/07/disable-cd-rom-drives.html

wyntrblue · 28 November 2006 15:30

thanks for that! maybe you can decifer this sorta thing but i certainly cant

CLASS MACHINE
CATEGORY !!category
 CATEGORY !!categoryname
  POLICY !!policynameusb
   KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
   EXPLAIN !!explaintextusb
     PART !!labeltextusb DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 3 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY !!policynamecd
   KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
   EXPLAIN !!explaintextcd
     PART !!labeltextcd DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 1 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY !!policynameflpy
   KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
   EXPLAIN !!explaintextflpy
     PART !!labeltextflpy DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 3 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY !!policynamels120
   KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
   EXPLAIN !!explaintextls120
     PART !!labeltextls120 DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 3 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
 END CATEGORY
END CATEGORY
 
[strings]
category="Custom Policy Settings"
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
policynamels120="Disable High Capacity Floppy"
explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver"
explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
labeltextls120="Disable High Capacity Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"

jontyc · 28 November 2006 15:33

cool

HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR
change start value to 3 to disable

same for
HKLM\SYSTEM\CurrentControlSet\Services\Cdrom
HKLM\SYSTEM\CurrentControlSet\Services\Flpydisk
HKLM\SYSTEM\CurrentControlSet\Services\Sfloppy

wyntrblue · 28 November 2006 15:42

ah ha, thanks dude