Restrict USB pen drive access on XP networks

This tip tells you how to disable the USB Pen Drive installation mechanism on a Windows XP network.

The new USB pen drive installation mechanism on XP machines works with two files stored in the Windows/Inf folder: usbstor.inf and usbstor.pnf.

To disable this function, you must deny access to the "System" built-in user group for the XP machine.

However, on large networks, changing the permissions for these two files on each individual machine is a hassle. However, you can easily incorporate these permissions into your log-on script as shown below:

cd c:\windows\inf echo|y cacls usbstor.inf /p system:n echo|y cacls usbstor.pnf /p system:n

Now any new USB pen drives connected to the PCs will not be automatically installed. To enable access, you will have to change the n's in the script to f's.

