Modded permissions on USBSTOR registry key revert to defaults automatically

vistapete

Member
Hi,

I'm trying to "harden" a notebook's security by preventing un-recognised USB mass storage devices from being installed by restricting "permissions" on the USBSTOR driver service in the registry for System/Administrators/Users to "Deny".

HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR

This works fine on XP for example. However when I do this on a Vista machine and insert a "new" USB device the "Installing new device" notification popup appears, followed by a "Do you want Windows to find the device driver..." type dialogue - if I click yes to this the device installs normally and the permissions for the service in the registry are set back to default.

This is a single user (administrator) on a notebook running Vista HP SP2.

Can anyone explain this behaviour and if there's a workaround?

Cheers
 

Katokato, the info at link, although interesting, didn't help as I tried it and the behaviour was exactly the same as that when I modified USBSTOR permissions in the registry. Although the functionality of setting "Start" to 4 in the USBSTOR registry entry did behave as described.

However I did a bit of lateral thinking in that the USBSTOR key points to the driver USBSTOR.sys in \Windows\System32\Drivers\ so I tried modding the permissions here, although it wouldn't allow this. Going into Advanced options I saw the "Owner" was "Trusted installer" so I changed this to "Administrators" and set all permissions to "Deny", re-booted and hey presto any new drives fail to install whereas previously installed drives still work - these can be uninstalled manually if access is to be denied in the future.

I'm guessing the ownership issue was causing the previously observed behaviour (although I didn't get an error changing the permissions in the registry).

Anyway thanks for the link, I thought I'd never get an answer but between us I got there!

Thanks
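
A read-only PowerShell check for the three settings discussed in this thread (the USBSTOR "Start" value, the permissions on the service key, and the owner and permissions of usbstor.sys), useful for confirming after a reboot or a device insertion whether the hardening is still in place. This is an added example, not code from either poster; it assumes PowerShell is installed on the machine and is run from an elevated prompt.

```powershell
# Added audit example (read-only). Paths are the ones named in the thread.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$driver = Join-Path $env:SystemRoot 'System32\drivers\usbstor.sys'

function Show-AclSummary {
    param([string]$Label, [string]$Path, [string]$RightsProperty)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # A Deny entry that applies to the caller can block reading the ACL itself
        "${Label}: ACL unreadable ($($_.Exception.Message))"
        return
    }
    "${Label} owner: $($acl.Owner)"
    $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
    if ($deny.Count -eq 0) {
        "${Label}: no Deny entries (default, or the change was reverted)"
    }
    foreach ($ace in $deny) {
        "${Label} Deny: $($ace.IdentityReference) -> $($ace.$RightsProperty)"
    }
}

# 1. Service start type. 4 = disabled; 3 = load on demand (Windows default).
try {
    $start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction Stop).Start
    if ($start -eq 4) {
        "USBSTOR Start = 4 (driver disabled)"
    } else {
        "USBSTOR Start = $start (driver can load)"
    }
} catch {
    "USBSTOR Start unreadable ($($_.Exception.Message))"
}

# 2. Permissions on the service key (the setting the first post saw reset).
Show-AclSummary -Label 'Registry key' -Path $svcKey -RightsProperty 'RegistryRights'

# 3. Owner and permissions on the driver file (the change made in the last post).
Show-AclSummary -Label 'usbstor.sys' -Path $driver -RightsProperty 'FileSystemRights'
```

Running it before and after plugging in a previously unseen device shows whether the key's Deny entries or the file's owner have changed.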
 
