Disable USB ports from CMD or Powershell

Navigation
1

I'm doing a project in which, from Java, I execute commands from the CMD or Powershell to carry out certain tasks (like, in this case, disable the USB ports of a computer).

I've been looking for information and what really fits what I want to do is enable local group policy:

  

"Local Computer Policy -> Computer Configuration - > Administrative Templates -> System -> Removable Storage Access -> All Removable Storage Classes: Deny Access to Everything" .

When I enable this policy, it automatically redefines the USB's introduced by applying the changes.

I inspected the changes in the registry that are made when activating this directive and they are, more or less, the ones explained here: 

https://thorv.wordpress.com/2013/12/11/habilitardeshabilitar-escritura-y-lectura-de-dispositivos-de-almacenamiento-extraibles/

These changes in the registry can be easily done from the command line, but the problem is that for my PC to take the updated values of HKEY_LOCAL_MACHINE I have to restart the computer (undesirable situation).

What brings me to the issues:

  • Is there a way to change the registry values and that the PC take these updated values without having to restart the computer ?.
  • Can I change the local group policies from the command line ?.
  • Any other ideas?
asked by AngryCoder 27.02.2017 в 10:17
source

2 answers

0

After several tests I think this is the optimal solution to my problem:

1º-We disable the functionality on the PC to detect new external storage devices, that is, whose drivers are not installed on our computer: 

reg add HKLM\SYSTEM\CurrentControlSet\Services\UsbStor /v "Start" /t REG_DWORD /d "4" /f

2º-We delete all the drivers of the installed USB devices on the PC (this will also eliminate the possibility of using the keyboard and mouse, but only momentarily: 

devcon.exe remove *USB*

3º- We re-scan the connected USB devices, so that Windows will automatically install the drivers of the devices that are not external storage (eg: Mouse, keyboard ...), thus obtaining the desired result: 

devcon.exe rescan

4th - If we want to allow the use of external storage USB in our computer again, we will introduce the command (It may be necessary to remove and reconnect the USB that we want to use, in case it is connected to the PC in the time to enter the command): 

reg add HKLM\SYSTEM\CurrentControlSet\Services\UsbStor /v "Start" /t REG_DWORD /d "3" /f

PS: Everything must be run with administrator privileges.

    
answered by 03.03.2017 / 09:29
source
0

You can use this command that allows you to modify the registration key to disable the use of USB devices. 

reg add HKLM\SYSTEM\CurrentControlSet\Services\UsbStor /v "Start" /t REG_DWORD /d "4" /f

To activate it use the value 3 .

O You can block access to Usbstor.pnf and Usbstor.inf 

cacls %windir%\Inf\Usbstor.pnf /d usuario
cacls %windir%\Inf\Usbstor.inf /d user

Where usuario is the user to whom you want to disable access to the USB. To activate it 

cacls %windir%\Inf\Usbstor.pnf /p user:R
cacls %windir%\Inf\Usbstor.inf /p user:R

Both commands require Administrator Privileges .

Original Answer: link

    
answered by 27.02.2017 в 12:24
Decompose the result of a MySql query that is in JSON to new indexable fields in elasticsearch with logstash Nginx does not recognize php 7 [closed]