How to lock down USB Keys and Be Notified When They Are Opened ~ Gimik.com sa Philippines

This is a simple guide courtesy by Spiceworks.
These are three scripts that will make the locking down of USB so much easier.

The issue I had was that I could not track what company information was leaving on USB keys. Yes Windows 7 has some neat stuff with BitLocker but I need it locked down now.

IntelliAdmin has some tools for turning off USB Keys but what about when users need them to perform their job? Ie. Download photos, use HSDPA / Wireless Cards? The solution?

Make the drives read only. This means that the users can bring in their information or use wireless cards and download photos but cannot write back to devices.

There are two VBscripts for these:

1.
Locking down USB Drives to Read Only
HKEY_LOCAL_MACHINE = &H80000002
Err.Clear
' On Error Resume Next
strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","IT-0")
' Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
' If Err.Number Then
' Wscript.Quit
' End If
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
WScript.Echo "Computer Name Does Not Exist"
Wscript.Quit
End If
if strcomputer = "" then
Wscript.Quit
End if
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
ValueName = "WriteProtect"
DwordValue = "1"
objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue
If IsNull(DwordValue) Then
Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue
Elseif DwordValue=0 then
Wscript.Echo "The USB Key for computer " & strComputer & " is now OPEN: Not Read Only! - ", DwordValue
else
Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue
End If
If Msgbox("Do you want to reboot machine now for the change to take affect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
strComputer & "\root\cimv2")
Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOS in colOS
objOS.Reboot()
Next
End If

2.
Open USB Drives but be notified by a Email and a Log File
Firstly create a text document in the same directory as your VBScript called changelog.log
Then continue to cut and paste below into a text document with your heading and an extension of .vbs
----------------------------
' On Error Resume Next
HKEY_LOCAL_MACHINE = &H80000002
strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","My-Computer")
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
WScript.Echo "Computer Name Does Not Exist"
Wscript.Quit
End If
dim objNetwork
Dim fso
Dim CurrentDate
Dim LogFile
CurrentDate = Now
Set objNetwork = WScript.CreateObject("WScript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")
strUser = objNetwork.UserDomain
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
ValueName = "WriteProtect"
DwordValue = "0"
objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue
If IsNull(DwordValue) Then
Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue
Elseif DwordValue=0 then
Wscript.Echo "The USB Key for computer " & strComputer & " is: Open and Not Read Only! - ", DwordValue
Set LogFile = fso.OpenTextFile(BinPath & "ChangeLog.log",8,true,0)
LogFile.WriteBlankLines 1
LogFile.WriteLine("================================================================================")
LogFile.WriteLine("USB Access changed to OPEN" & " By User " & objNetwork.UserName )
LogFile.WriteLine(Now & " - The Registry Key for " & strComputer & " is open.")
LogFile.WriteLine("================================================================================")
LogFile.WriteBlankLines 1
LogFile.Close
' ------ NOTIFY OF USB KEY CHANGE ACCESS ------
strFrom = "usbaccess@yourdomain.com.au"
strTo = "it@yourcompany.com.au"
strSub = "USB Access changed to OPEN" & " By User " & objNetwork.UserName
strBody = "USB Access changed to OPEN" & " By User " & objNetwork.UserName & " on " & Now & " - The Registry Key for " & strComputer & " is now open."
strSMTP = "YOUR-INTERNAL-SMTP-SERVER"
' ------ END CONFIGURATION ---------
set objEmail = CreateObject("CDO.Message")
objEmail.From = strFrom
objEmail.To = strTo
objEmail.Subject = strSub
objEmail.Textbody = strBody
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTP
objEmail.Configuration.Fields.Update
objEmail.Send
else
Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue
End if
If Msgbox("Do you want to reboot machine now for the change to take affect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
strComputer & "\root\cimv2")
Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOS in colOS
objOS.Reboot()
Next
End If

Conclusion
You can also run this script to see whether the change you have made is successful:
' On Error Resume Next
HKEY_LOCAL_MACHINE = &H80000002
strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name")
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
ValueName = "WriteProtect"
objReg.GetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue
If IsNull(DwordValue) Then
Wscript.Echo "The value is either Null or could not be found in the registry."
Elseif DwordValue=0 then
Wscript.Echo "The USB Key is: Not Read Only - ", DwordValue
else
Wscript.Echo "The USB Key is Secured and Read Only - ", DwordValue
End If

Gimik.com sa Philippines

Wednesday, October 28, 2009

How to lock down USB Keys and Be Notified When They Are Opened

Locking down USB Drives to Read Only

Open USB Drives but be notified by a Email and a Log File

Conclusion

0 Responses so far:

Leave a Reply

Site search

Join The Community

Advertisement. To keep us alive.

Link List Example

Your Links

Your Links

Download Now

Recent Post

Popular Post

Recent Comments

Useful Widgets

1.	Locking down USB Drives to Read Only HKEY_LOCAL_MACHINE = &H80000002 Err.Clear ' On Error Resume Next strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","IT-0") ' Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") ' If Err.Number Then ' Wscript.Quit ' End If On Error Resume Next Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") If Err.Number Then WScript.Echo "Computer Name Does Not Exist" Wscript.Quit End If if strcomputer = "" then Wscript.Quit End if Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies" objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath ValueName = "WriteProtect" DwordValue = "1" objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue If IsNull(DwordValue) Then Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue Elseif DwordValue=0 then Wscript.Echo "The USB Key for computer " & strComputer & " is now OPEN: Not Read Only! - ", DwordValue else Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue End If If Msgbox("Do you want to reboot machine now for the change to take affect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _ strComputer & "\root\cimv2") Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem") For Each objOS in colOS objOS.Reboot() Next End If
2.	Open USB Drives but be notified by a Email and a Log File Firstly create a text document in the same directory as your VBScript called changelog.log Then continue to cut and paste below into a text document with your heading and an extension of .vbs ---------------------------- ' On Error Resume Next HKEY_LOCAL_MACHINE = &H80000002 strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","My-Computer") On Error Resume Next Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") If Err.Number Then WScript.Echo "Computer Name Does Not Exist" Wscript.Quit End If dim objNetwork Dim fso Dim CurrentDate Dim LogFile CurrentDate = Now Set objNetwork = WScript.CreateObject("WScript.Network") Set fso = CreateObject("Scripting.FileSystemObject") strUser = objNetwork.UserDomain Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies" objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath ValueName = "WriteProtect" DwordValue = "0" objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue If IsNull(DwordValue) Then Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue Elseif DwordValue=0 then Wscript.Echo "The USB Key for computer " & strComputer & " is: Open and Not Read Only! - ", DwordValue Set LogFile = fso.OpenTextFile(BinPath & "ChangeLog.log",8,true,0) LogFile.WriteBlankLines 1 LogFile.WriteLine("================================================================================") LogFile.WriteLine("USB Access changed to OPEN" & " By User " & objNetwork.UserName ) LogFile.WriteLine(Now & " - The Registry Key for " & strComputer & " is open.") LogFile.WriteLine("================================================================================") LogFile.WriteBlankLines 1 LogFile.Close ' ------ NOTIFY OF USB KEY CHANGE ACCESS ------ strFrom = "usbaccess@yourdomain.com.au" strTo = "it@yourcompany.com.au" strSub = "USB Access changed to OPEN" & " By User " & objNetwork.UserName strBody = "USB Access changed to OPEN" & " By User " & objNetwork.UserName & " on " & Now & " - The Registry Key for " & strComputer & " is now open." strSMTP = "YOUR-INTERNAL-SMTP-SERVER" ' ------ END CONFIGURATION --------- set objEmail = CreateObject("CDO.Message") objEmail.From = strFrom objEmail.To = strTo objEmail.Subject = strSub objEmail.Textbody = strBody objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTP objEmail.Configuration.Fields.Update objEmail.Send else Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue End if If Msgbox("Do you want to reboot machine now for the change to take affect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _ strComputer & "\root\cimv2") Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem") For Each objOS in colOS objOS.Reboot() Next End If