This is an interesting factoid that Microsoft added as part of Windows XP Service Pack 2 that lets users prevent data from being written to USB devices (via a registry key). But this is just the start, Longhorn is supposed to add more comprehensive “features”.  Much has been made of the security risks posed by portable storage devices such as USB keys, or flash drives, music players like the iPod, and other small gadgets that can store vast amounts of data. Some fear that such tiny devices can be used to quickly copy sensitive data off business PC hard drives, or to introduce malicious software onto corporate networks.  In the next version of Windows, Microsoft will give big companies an easy way to block use of such devices, while making it easier for consumers to connect their home systems to them.

How to disable a USB device then? Never thought you would ask *grin*. Microsoft calls this “Controlling block storage devices on USB buses”. This feature provides the ability to set a registry key that will prevent write operations to USB block storage devices, such as memory sticks. When this registry key is enabled, the devices function only as read-only devices. You can implement this setting as part of a security strategy to prevent users from transporting data using these devices.

Who does this feature apply to?

  • Users who do not want data to be written from their computer to a USB storage device.
  • IT professionals who want to implement organisation controls over the use of USB block storage devices

What settings are added or changed in Windows XP SP2?

  • Setting Name: WriteProtect
  • Location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\
             Control\StorageDevicePolicies
  • Default Value: DWORD=0
  • Possible Values: 0 - Disabled, 1 - Enabled

More Information:
http://tinyurl.com/4pkv4
http://tinyurl.com/4ocmm