How-To Geek
Registry Hack to Disable Writing to USB Drives
A common security concern at organizations is allowing users to plug in a usb flash drive, because they could so easily copy corporate data.
Since Windows XP SP2, you can disable writing to USB devices altogether using a simple registry hack. Here it is:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
“WriteProtect”=dword:00000001
You can also just download one of the following registry tweaks to enable or disable writing to USB drives.
Once you use the registry hack, you will have to reboot for the changes to take effect. One should also note that if you are using this trick, you should make sure that the users are not administrators on the computer, because they could easily change this setting back.
This works on Windows Vista as well. Here’s the window you’ll get when you try and write to a USB drive:
Got Feedback? Join the discussion at discuss.howtogeek.com
Comments (82)
Programmer by day, geek by night, The Geek, also known as Lowell Heddings, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on Google+ if you'd like.
- Published 03/9/07
Nice Tip!
Great looking web site, I’ll be back soon!
Jamie
How do you prevent employees from copying corporate data to a remote website where they can download it at their leisure?
@C.X.
Typically in an environment that is locked down, you’d have logging on the firewall of all traffic, and probably the majority of outgoing ports would be blocked.
Firewall is the only way to prevent something like that.
This is a great tip, but would this also prevent access to other usb devices like mice, keyboards and cameras?
but what can i do, if the registry is write protected for me? I searched the web from east to west and from south to north ;o)
but i can’t find a tip how to change the registry without rights.
You have to be an administrator on the machine in order to make registry changes.
Elevation of privileges would be the only way for a (limited) user to make changes to the registry. Without using an exploit / malware, you’re pretty well done. Won’t post one here as my SysAdmin hat is on, but I’m sure if you were willing to lose your job, you could try it anyway…
i can’t find StoragDevicePolicies in the registry. How can I change the value?
Im the same as Loi, i dont have this item (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies) when i traverse regedit, therefore im not sure adding it in will make any difference… would i not expect to be seeing this item already?
Hi Guys,
We want to disable write option in CDROM Drive. Which mean the users can copy data from CD to Harddsik and and prevent copy data from harddisk to CD. how to do this in GPO. (win2003 Server)
Thanks,
To prevent users from copying data to another site, use a filtering proxy (like Dans Guardian), in concert with the firewall to keep unneeded ports closed (IPCOP is a good one).
This solution has been working great for me for years.
You can also prevent USB writing with GPO as noted here: http://www.petri.co.il/disable_usb_disks_with_gpo.htm
Preventing CDROM write access can be done a couple ways, as noted here: http://groups.google.com/group/microsoft.public.windowsxp.security_admin/browse_thread/thread/017d5bddad5a735c/4d18246e74faa41e?lnk=raot
And without privilege elevation, there is no way for a non administrative user to write to the registry. There are several methods to gain this ability from a standard user account, however I would strongly suggest that you not attempt it, as if you don’t already know how to do it, and your IT department is anything like mine, they WILL know, and you very likely WILL be fired. Even if you manage to get away with it initially, they WILL find out eventually.
how would you do the same thing in a windows 2000 enviroment.
i cant find the ‘StorageDevicePolicies’ ???????//
what should i do????????
the registry disabling of the usb is the best thing that ever happened to me. i have a communial laptop and telling one not to pop in their flash is telling them to actually do so, i have a project to work on and they will see it but never copy the damn thing. thanks so much i will always be around.
Wakas.
would this hack disable usb for all users even for the administrator?
is there a hack to disable usb read-write for normal users only? i mean a hack that would require administrative rights to enable usb read-write?
thanks in advance
@DAVE: Of Course, we will all lose our jobs, if we try to write the registry without an admin account. Maybe we will be arrested, too. And then the lethal injection will come and we all have to die ;o)
OK it’s great tip. But I am a traveling from system to system only for using my Pen Drive data. It is not possible to change every system registry. Is there any software, which act as “Write Protect Notch” in floppy drive.
hi guyz.
thought bout this already?
with the many people having usb sticks for carrying all their data, i think its important for us to try protecting that data. this is how we do it. we creat a small program that locks the registry and hence the modification of the flash content when i insert the flash and will run in that mode so that i can invoke it while still running to enable writing of specified files then close again. its better than an anti virus coz then the viruses will remain in the host computer wishing they could do something. get your mind working we need to render this viruses jobless. or what is your thought is my approach good enough to handle what i imagine? if not feel free to give me a way to go bout it. Geeks for life
A pointless exercise. An organization can lock down a system as much as they want, but as soon as they provide a cell phone that can use a memory card (i.e. Blackberry), or provide’s an employee with a laptop, you can just wave as your data walks out your door. As the adage goes, “if you make ‘XYZ’ illigal, only criminals will do ‘XYZ’.”
jus out of curiosity i wus lke to know if a cell phone that can use a memory card like nokia n72 will do the same???
can someone tell me how to get my system sound and all sound back on my computer after installing MagicJack a usb device??
Nice work
How do I enable the disabled USB for pendrive in windows vista?
i hv just downloaded the disable write protection file.lets see its works or not
i’ll tell u soon whn i’ll reboot it once
thnx 4 the help in advance coz i suppose it will work
Take care
Works like a charm even on vista, was wondering is it possible to only block write access on specific usb devices using device hardware ids ???
Thank you! Suddenly, my usb camera drive wouldn’t let me make changes or delete photos. I’m the only one who uses the drive and the only one with access, so I had no idea what went wrong. It’s been annoying the heck out of me for weeks and using your information, it’s fixed!
I tried this fix for the same problem I am having with my SD Card. It still says that it is write protected. Is there a different fix for an SD Card? I am running Vista with SP1.
I tried and its working fine. but its block the usb data card access also. did u have any policy to work with USB datacard simultaneously by using usb port
First of all, I would like to say this is a great site and thank you for everything you do to help the IT community.
Secondly, the information and registry script (as well as the user comment on CD R/W) has been very useful. Especially with HIPPA rules and regulations in the medical field..
Thank You Again.
tKKKzzz <3 (:
i try so many more ,it dost work. from 1 unit my usb write protect . now become 4 of my usb become write protect … mati wo what should i do . the registry make my problemn become worst please help me ..
how is it possible to block IRC? (i know irrelevant to this post) i want to unblock it…
How do I enable the disabled file copy in USB for pendrive in windows2000?
Hi,
My USB actually became write protected accidently. I don’t know how but i suspect it was because i shut down the computer before safely removing the USB drive. I used the software given on this page but it doesnt appear to work. Is there a registry hack to enable writing on a USB for windows vista? the one on this page is for disabling
THanks
I can’t find the storagedevicepolicies in the registry.what should i do?
Hi,
Is it possible to block specific sites for users while they are using data cards ?
how can i enable my pendrive “automaticaly” by just plugging the device with no change in registry edit “manualy(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\UsbStor)”
Hi,
how can I enable write protect on windows 2000
I have try this [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
“WriteProtect”=dword:00000001 on windows 2000
But not response.
Please help me.
Thank You.
how to write in USB pen drive or HDD
Hi,
how to set password whene we plugin the usb to computer?
it still can’t fix it…….
what should i do now???
Hi,
I need some help above registry changes are very very helpfull, But if i want to if anyone try to copy from USB, that time they should unable to copy from USB But able to paste from System
if you cant find storageDevicePolicies.. download add.bat
Hey i cant change registry key s because my login is student my admin blocked all the registry key pleas help me,
how to disable write protected in vista using registry key.
thank you
That’s Great for me.
Thanks You a million.
Cany any one help me to get rid of several viruses / trojans that are getting detected on my pendrive, but they are not being removed because the virus has modified some thing and now the disk has become write protected. I tried the registry editor option but it is not working. Please help
thank u sir buc. i have cyber cafe in khargone nd i m very tayed for this prociss so thank u………..for give ans to me
It no work for me. Help!
Hi
please help how can i block USB by regedit or other software in window xp sp1 and block Drive(HDD) don’t other to see drive .
my usb device is write protected. how to solve this problem???????????
Thank You so much. My USB basically locked out all write of all pendrive after I used the new memorex pendrive lock for that particular flash drive. Each time I insert other pen drives, it automatic reject write mode. After I use your enable hack, everything is back to normal. You guys rock.
how to disable write protected in XP SP3 using registry key.
thank you
This one doesn’t work for me. Is there any other way how to fix my usb. Write Protection is still here ;D
I am in the same boat as those ^^ guys.
I have local admin rights. Xp sp3 (which is
Missing the “writeprotect” dword. I’ve read that only sp2 or earlier allows that reg change to enable writes.
Objective:
Enable USB writes on a pc that it’s disabled on. Xp sp3
Hello I can Access my USB but i am not able to format any thing from it i have used above Disabling Trick and restart the computer but STILL I AM NOT ABLE TO FORMAT MY USB PEN DRIVE it is still saying my USB is write protected and i am using VISTA Ultimate final Version and my USB dont have any kind of lock . plz reply me soon waiting 4 your response thanks
Sorry ITS DONE for those who want to Remove USB Write protection just do this FOR VISTA
1.Run
2.regedit (Run it with Administrator)
3.CTRL+F (enter)
4.Search this .. StorageDevicePolicies
5.in Right side there is Writeprotect set it to 0
6.if you see at left side you will notice step 5 is expand from the folder … ControlSet001>Control>StorageDevicePolicies
7.Now Expand ControlSet002>Control>StorageDevicePolicies and SET .. Writeprotect to 0
Thats it close the registry now your write protection is Removed
(Miiiiiiight be you need restart)
Very Thank Yooooooooou!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
Does this work for windows 7? or is there anything like it out there?
Tnx alot.
it’s so benefid.
please assist….i’m having the same issue on SP3…..
Thanks ….. really very helpful
is this ragistry will work on windows 7 also ?
An issue which TrueCtypt 7.0a can’t/won’t resolve. Nothing relevant in any forums either.
TC Volume/container is write-protected on some equipment.
My XP sp3 was previously using TC 6.1 sans issues but since a coupla days ago, after dl TC 7.oa, the problem manifested.
My HKEY_LOCAL_MACHINE\CurrentControlSet\Control\ only goes as far as \Control – nothing ’bout storage etc.
When I look at … Control\FileSystem I find
“NtfsDisable8dot3NameCreation”
which I don’t see as pertinent; but even if it is I wouldna know what to do with it anyway
Can someone throw me a line please?
Hey Vagus…….. you aint seein anythin less than what you expect to see … just download the files and it will install by itself walla!!! no problemo!!!! and re-start your engine after then check your registry and you’ll be seeing those folders you lookin…
not suitable for usb te
this is not working on windows 2003
How would you stop someone from copying a file off of a USB drive? Is there any way other than drm?
Symantec DLP (Data Loss Prevention) is very handy for protection of any sensitive data in the organization.
awesome sharing. thank you very much
Hey boys GIRLS too, ONE EXCELLENT SITE. Fine content rich.
Right off the bat, oh no, I had to type that, and now I have to share my infamous favorite phrase …… “Holy nutjobs Batman”, “I know Robin, bat ‘_ _ _ _!’ crazy.” Just sharing a fav in the labs lately, anywayzzzzzz KICK bleep! you guys(ang gals) ROCK!
It is not working in Win 2003 or 2008
my usb device is write protected. how to solve this problem?
After we disabled the USB port, can the mouse (which attached through the USB port) operates?
YA GOOOOODDD
good that worked n THANKS
Thanks good works Prof.
Hello to u all dears, Sir! yours attempts for the system as to disable the WRITE PROTECTION was efficient, but un fortunately by doing so I could not format my XD card, there might be an other problem. Well sir so nice of you, like your good experts and by resorting them, how we would be un able to conduct a task against any untoward incident. Well THANK YOU again sir n TAKE CARE bye.
Sir would u like to tell about the HEX EDITOR program so as to format the storage devices? specially XD cards!
khote sangato way
Thank u very much. I have been looking for how to solve this kind of problem b4, but now I got it.
The only problem that I am pacing now is my system is showing the following message:
“Cannot import C:\Users\Kano\AppData\Local\Temp\Rar$DI00.310\DisableUSBWrite.org: Error accessing the registry.”
Please I shall be waiting to here from u.
Thanks.
Thanks alot