Shavlik: Disable USB Disk Service

Version 5

    Author: Shavlik

    Category: Configuration

    Inputs: None

    Minimum ITScripts engine version required:

    Modifies the target machine: Yes

    Name: Disable USB Disk Service

    Outputs: An Operations Monitor message that indicates if the script was successful.

    Purpose: Disables the USB Storage Service on the target system, preventing users from connecting to a USB storage device. A reboot of the target machine is required.

    Script Version:

    Target Type: Any


    Technical Description:

    This script uses WMI to connect to the target machine's registry and access the USB Storage Service setting. For Windows Vista operating systems or later, the policy setting is then changed to prevent access to USB storage devices.


    - If there are no USB storage devices plugged in when the script is executed but a new USB storage device is plugged into the target machine before it is restarted, the USB Storage Service will be re-enabled.


    - If one or more USB storage devices are already connected to the target machine when this script is executed, additional USB devices that are plugged in after the script is executed will be recognized by the target machine until all USB devices are removed and the target machine is restarted.


    Note: If these settings are managed by GPO, the changes made by this script will remain in effect only until the machine next updates its policy.
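
    A read-only way to check the outcome of the script, including the reboot and re-enable cases described above. This is an added example, not Shavlik's script; the function name Get-UsbStorState is hypothetical, and it assumes the "USB Storage Service setting" is the Start value of the USBSTOR service key (4 = disabled).

```powershell
# Added example: read-only audit of the USBSTOR service state over WMI/CIM.
# Assumption: the setting is the Start value under
# HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR (4 = disabled).
function Get-UsbStorState {
    param([string[]]$ComputerName = @('.'))

    $HKLM = [uint32]2147483650   # 0x80000002, HKEY_LOCAL_MACHINE for StdRegProv
    foreach ($computer in $ComputerName) {
        # Pass -ComputerName only for remote targets so the local case needs no WinRM.
        $target = @{}
        if ($computer -ne '.') { $target.ComputerName = $computer }

        # Read the configured start type through the WMI registry provider.
        $query = @{
            Namespace = 'root\default'; ClassName = 'StdRegProv'; MethodName = 'GetDWORDValue'
            Arguments = @{
                hDefKey     = $HKLM
                sSubKeyName = 'SYSTEM\CurrentControlSet\Services\USBSTOR'
                sValueName  = 'Start'
            }
        }
        $reg = Invoke-CimMethod @target @query

        # Read the live driver state; it can lag behind the registry until a reboot.
        $driver = Get-CimInstance @target -ClassName Win32_SystemDriver -Filter "Name='USBSTOR'"

        $start   = if ($reg.ReturnValue -eq 0) { $reg.uValue } else { $null }
        $running = $driver -and $driver.State -eq 'Running'

        $status = if ($null -eq $start) {
            'Start value not readable'
        } elseif ($start -ne 4) {
            'Not disabled (never applied, or re-enabled since)'
        } elseif ($running) {
            'Disabled in registry, driver still loaded: reboot pending'
        } else {
            'Disabled and not loaded'
        }

        [pscustomobject]@{
            Computer    = $computer; StartValue = $start
            DriverState = $driver.State; Status = $status
        }
    }
}

Get-UsbStorState | Format-Table -AutoSize
```

    Running the check again after the next reboot or group policy refresh shows whether the setting held.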


    Possible Operations Monitor results include:

    "Changes to the policies were required."

    "No changes to the policies were required."

    "The USBStor service has been disabled.  A reboot is required for the changes to take effect."

    "Failed to disable the USBStor service."

    "The USBStor service is not enabled."

    "The USBStor service is not enabled. Policies have been updated requiring a  reboot."

    "Failed to update the registry."