none
Re-enumeration of USB Devices RRS feed

  • Question

  • First off, I'm brand new to Windows so I should apologize for that in advance.

    I'm working on a network that needs to restrict USB Mass Storage access to the ISSO role, only. Management wants to permit USB Mass Storage access for ISSOs on all workstations while blocking USB Mass Storage access to all others...on all workstations. They also want the USB ports to remain available for everything else except Mass Storage.

    There are a lot of ways to do this, but the only "reliable" method I've found so far is to point the HKLM\System\CurrentControlSet\Services\UBSSTOR\ImagePath key to some bogus filename to lock the ports and rename it back to access them again.

    For this to work, I need to do two (2) more things...

    1.  Ensure the ImagePath key is always set to the bogus value at boot up, and

    2.  Create a login script that sets ImagePath to the correct value when a member of the ISSO group logs in...and reset it when they log off.

    That would meet Management's requirements if only it worked! The problem is that the USB devices have to be re-enumerated in order to re-read the ImagePath registry key after each change. Replugging the device will do it, but it wouldn't make sense to rely on a User to self-restrict their access (fox/hen house).

    The following Microsoft KB seems to be the way to go, but we don't have compilers on the network...

    http://support.microsoft.com/kb/259695

    I know this system hack isn't the most elegant, but I'm just trying to make Management happy.

    Does anyone know...

    1.  Any (more elegant) way to meet the stated requirement, or

    2.  A way to re-enumerate the USB devices from a script.

     

    Thanks! ...Todd

    Monday, March 7, 2011 1:51 PM

All replies

  • this forum is for Windows Embedded Compact (CE), it looks like you're targeting the 'big' Windows


    Luca Calligaris lucaDOTcalligarisATeurotechDOTcom www.eurotech.com Check my blog: http://lcalligaris.wordpress.com
    Monday, March 7, 2011 3:41 PM
  • Sorry...my bad.
    Wednesday, March 9, 2011 8:42 PM