Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
These USB flash drives, however, have been giving them fits. The things fit on a keychain or in a pocket, hold gobs of data, and work with every computer they've got. They can't just disable the USB ports, either, since they went whole-hog with the USB thing and rely on it for keyboards, mice, scanners, portable tape backup devices, and more. I think they were considering installing microwave blasters in exterior doorways in an attempt to fry the things; fortunately, Microsoft came to the rescue.
Windows XP Service Pack 2 brings relief. It's got a trick which allows you to mark USB devices as read-only, which means the desktop support guys can still carry little utilities and whatnot on them, but no data can be written to them and carried out of the building. You'll need to edit the registry to accomplish this, so all the usual registry-editing caveats, warnings, and provisions apply.
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies (create it if it doesn't exist).
Under that, create a new DWORD value named WriteProtect, and set it to 1. Restart the computer and you're done. Now, I don't think this value exists under the ultra-convenient Policies section of the registry, which would allow it to be managed via Group Policy, which seems like a startling omission. Still, it's not tough to write a logon script in WinBatch that sets this registry value on any computers you want.
Article ID: W16482
File Created: 2005:02:18:12:20:54
Last Updated: 2005:02:18:12:20:54