Q. How can I mark my USB storage devices as read-only?
A. Windows XP Service Pack 2 (SP2) introduces a new registry subkey that lets you mark USB-based storage devices such as memory sticks as read-only devices. This is a useful security capability that can prevent users from copying data from their systems and taking that data offsite via a USB device. To enable the USB write protection, perform the following steps:
- Start the registry editor (regedit.exe).
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies subkey. (Create the StorageDevicePolicies subkey if it doesn't already exist.)
- From the Edit menu, select New, DWORD Value.
- Type the name WriteProtect and press Enter.
- Double-click the new value and set it to 1. Click OK.
- Close the registry editor.
- Restart the computer.
To disable this change, you can either set WriteProtect to 0 or delete it.
Very useful tip, especially for out high security areas.
Could this be applied as an administrative template in active directory and if so what would be the scripting/coding?
MPASupport--we've passed your question along to John.
In the meantime....we just ran an article by Alex K. Angelopoulos that involves scripting that might be informative: “Controlling Removable Storage Access: Configuration for Vista and pre-Vista systems” at http://windowsitpro.com/article/articleid/98485/controlling-removable-storage-access.html
Also, I saw a Microsoft article you might want to check out: “Step-By-Step Guide to Controlling Device Installation and Usage with Group Policy”
http://www.microsoft.com/technet/windowsvista/library/9fe5bf05-a4a9-44e2-a0c3-b4b4eaaa37f3.mspx
Best wishes, Caroline
@MPASupport....and any others who were curious--John created a new FAQ that details how to use Group Policy to make a USB drive read-only.
Please go to InstantDoc ID 98588 or here's the article URL:
http://windowsitpro.com/article/articleid/98588/q-how-can-i-set-usb-devices-to-read-only-via-group-policy.html
Register
