Lock usbstor per vendor




We issue only Iron Key USB devices, and the USBSTOR.ini from Windows only has a value of 3 on (Start) or a value of 4 off (Stop). I understand you set up groups that have the setting on or off in AD. We have a ton of users and not all have thumb drives, but those who do can use them on any machine. It would just be easier to manage and track if users are inserting devices (trying to) and the security logs show "Failed USB device insertion". Make sense?
 



I found out that all USB devices have an identifier, which you can see when you go into Device Manager.

I plugged in 3 different USB drives:
2 FIPS Certified
1 Kingston drive

In Device Manager-

When you plug in the USB drive, under Universal Serial Bus controllers it will automatically show an entry called

USB Mass Storage Device Properties-

Select the Details tab. In the drop-down menu there are 52 items, and the only three that change are Bus Relations, Children, and Bus Reported device description.


So after testing I found there is a way to lock your system to only accept one or multiple types of devices if you specify which ones to accept. If you add multiple USBSTOR entries, your system will only allow the ones specified.
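To illustrate the per-vendor idea in the post above, here is an added example (not part of the original post) that parses Windows USBSTOR device instance IDs and reports any that fall outside an approved vendor list. The vendor strings, serials and the `ALLOWED` list are constructed for illustration; real IDs would come from Device Manager or an inventory export.

```python
import re

# Windows USBSTOR device instance ID layout:
#   USBSTOR\<type>&Ven_<vendor>&Prod_<product>&Rev_<rev>\<serial>&<n>
USBSTOR_RE = re.compile(
    r"^USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)"
    r"&Prod_(?P<product>[^&\\]*)&Rev_(?P<rev>[^&\\]*)\\(?P<instance>.+)$",
    re.IGNORECASE,
)

# Assumed allowlist: (vendor, product prefix); an empty prefix means any product.
ALLOWED = [("ironkey", "")]

def parse_usbstor_id(instance_id):
    """Return the ID's fields as a dict, or None if it is not a USBSTOR ID."""
    m = USBSTOR_RE.match(instance_id.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Vendor/product are compared case-insensitively, without padding.
    for key in ("vendor", "product"):
        fields[key] = fields[key].strip("_ ").lower()
    return fields

def is_allowed(instance_id, allowed=ALLOWED):
    """True only if the ID parses and matches an allowlist entry (fail closed)."""
    dev = parse_usbstor_id(instance_id)
    if dev is None or not dev["vendor"]:
        return False
    return any(dev["vendor"] == vendor and dev["product"].startswith(prefix)
               for vendor, prefix in allowed)

def audit(instance_ids, allowed=ALLOWED):
    """Return the IDs that would not be accepted under the allowlist."""
    return [i for i in instance_ids if not is_allowed(i, allowed)]

# Constructed sample IDs (not taken from real devices).
SAMPLE_IDS = [
    r"USBSTOR\Disk&Ven_IronKey&Prod_Secure_Drive&Rev_2.00\0000000000AA&0",
    r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_PMAP\0000000000BB&0",
    r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\0000000000CC&0",
    r"USBSTOR\Disk&Ven_&Prod_&Rev_\0000000000DD&0",   # blank vendor field
    "not-a-usbstor-id",                                # malformed input
]

if __name__ == "__main__":
    for rejected in audit(SAMPLE_IDS):
        print("not on allowlist:", rejected)
```

The vendor and product strings are reported by the device itself, so a check like this suits inventory and log review rather than serving as the only control.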