
How to Lock Down USB Keys and Be Notified When They Are Opened

This is a simple guide, courtesy of Spiceworks.
It contains three scripts that make locking down USB drives much easier.

The issue I had was that I could not track what company information was leaving on USB keys. Yes, Windows 7 has some neat stuff with BitLocker, but I need it locked down now.

IntelliAdmin has some tools for turning off USB keys, but what about when users need them to perform their job, i.e. to download photos or use HSDPA / wireless cards? The solution?

Make the drives read-only. This means that users can bring in their information, use wireless cards and download photos, but cannot write back to the devices.

There are two VBScripts for this:

1. Locking Down USB Drives to Read Only

Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = InputBox("Please Enter Computer Name", "Enter Computer Name", "IT-0")
' Quit if the prompt was cancelled or left empty
If strComputer = "" Then
    WScript.Quit
End If
On Error Resume Next
' Connecting to WMI on the target confirms that the computer is reachable
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
    WScript.Echo "Computer Name Does Not Exist"
    WScript.Quit
End If
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
ValueName = "WriteProtect"
' WriteProtect = 1 makes USB storage read-only
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
' Read the value back so the message reports what is actually in the registry
DwordValue = Null
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue
If IsNull(DwordValue) Then
    WScript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue
ElseIf DwordValue = 0 Then
    WScript.Echo "The USB Key for computer " & strComputer & " is now OPEN: Not Read Only! - ", DwordValue
Else
    WScript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue
End If
' Offer to reboot the target machine
If MsgBox("Do you want to reboot machine now for the change to take effect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes Then
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
        strComputer & "\root\cimv2")
    Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
    For Each objOS In colOS
        objOS.Reboot()
    Next
End If

2. Open USB Drives but Be Notified by an Email and a Log File

First, create a text document called changelog.log in the same directory as your VBScript.
Then cut and paste the script below into a text document with your own heading and an extension of .vbs.
----------------------------
Const HKEY_LOCAL_MACHINE = &H80000002
Dim objNetwork, fso, LogFile, BinPath
strComputer = InputBox("Please Enter Computer Name", "Enter Computer Name", "My-Computer")
' Quit if the prompt was cancelled or left empty
If strComputer = "" Then
    WScript.Quit
End If
On Error Resume Next
' Connecting to WMI on the target confirms that the computer is reachable
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
    WScript.Echo "Computer Name Does Not Exist"
    WScript.Quit
End If
Set objNetwork = WScript.CreateObject("WScript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")
' Folder that holds this script, so ChangeLog.log is written next to it
BinPath = fso.GetParentFolderName(WScript.ScriptFullName) & "\"
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
ValueName = "WriteProtect"
' WriteProtect = 0 allows writing to USB storage
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 0
' Read the value back so the log and e-mail reflect what is actually in the registry
DwordValue = Null
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue
If IsNull(DwordValue) Then
    WScript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue
ElseIf DwordValue = 0 Then
    WScript.Echo "The USB Key for computer " & strComputer & " is: Open and Not Read Only! - ", DwordValue
    ' 8 = open for appending, True = create the file if it is missing
    Set LogFile = fso.OpenTextFile(BinPath & "ChangeLog.log", 8, True, 0)
    LogFile.WriteBlankLines 1
    LogFile.WriteLine("================================================================================")
    LogFile.WriteLine("USB Access changed to OPEN" & " By User " & objNetwork.UserName)
    LogFile.WriteLine(Now & " - The Registry Key for " & strComputer & " is open.")
    LogFile.WriteLine("================================================================================")
    LogFile.WriteBlankLines 1
    LogFile.Close
    ' ------ NOTIFY OF USB KEY CHANGE ACCESS ------
    ' Replace the three placeholders below with your own values
    strFrom = "YOUR-SENDER-ADDRESS"
    strTo = "YOUR-RECIPIENT-ADDRESS"
    strSMTP = "YOUR-INTERNAL-SMTP-SERVER"
    strSub = "USB Access changed to OPEN" & " By User " & objNetwork.UserName
    strBody = "USB Access changed to OPEN" & " By User " & objNetwork.UserName & " on " & Now & " - The Registry Key for " & strComputer & " is now open."
    ' ------ END CONFIGURATION ---------
    Set objEmail = CreateObject("CDO.Message")
    objEmail.From = strFrom
    objEmail.To = strTo
    objEmail.Subject = strSub
    objEmail.Textbody = strBody
    ' sendusing = 2 sends through the named SMTP server over the network
    objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
    objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTP
    objEmail.Configuration.Fields.Update
    objEmail.Send
Else
    WScript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue
End If
' Offer to reboot the target machine
If MsgBox("Do you want to reboot machine now for the change to take effect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes Then
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
        strComputer & "\root\cimv2")
    Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
    For Each objOS In colOS
        objOS.Reboot()
    Next
End If

Conclusion

You can also run this script to see whether the change you have made is successful:
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = InputBox("Please Enter Computer Name", "Enter Computer Name")
' Quit if the prompt was cancelled or left empty
If strComputer = "" Then
    WScript.Quit
End If
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
ValueName = "WriteProtect"
' GetDWORDValue leaves DwordValue as Null when the key or value does not exist
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue
If IsNull(DwordValue) Then
    WScript.Echo "The value is either Null or could not be found in the registry."
ElseIf DwordValue = 0 Then
    WScript.Echo "The USB Key is: Not Read Only - ", DwordValue
Else
    WScript.Echo "The USB Key is Secured and Read Only - ", DwordValue
End If
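
Script 2 writes its log entry and e-mail only when the change is made through that script. As an added example (not part of the original guide), the VBScript below subscribes to WMI's RegistryValueChangeEvent for the same WriteProtect value and appends a line to ChangeLog.log whenever the value changes, whatever tool changed it. It assumes the StorageDevicePolicies key already exists (script 1 creates it), watches the local machine, and keeps the log beside the script; those choices are assumptions made for this example.

```vbscript
' Added example: watch the WriteProtect value and log every change to it.
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const KEY_PATH = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
Const VALUE_NAME = "WriteProtect"
Const FOR_APPENDING = 8

Dim strComputer, objReg, objEvents, objEvent, fso, strLogPath, dwValue, strState

strComputer = "."   ' assumption: local machine; use a computer name to watch a remote one
Set fso = CreateObject("Scripting.FileSystemObject")
strLogPath = fso.GetParentFolderName(WScript.ScriptFullName) & "\ChangeLog.log"

Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

' The registry event provider lives in root\default.
' Backslashes in KeyPath must be doubled inside the WQL string.
Set objEvents = GetObject("winmgmts:\\" & strComputer & "\root\default").ExecNotificationQuery( _
    "SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " & _
    "AND KeyPath='" & Replace(KEY_PATH, "\", "\\") & "' " & _
    "AND ValueName='" & VALUE_NAME & "'")

Do
    ' Blocks until the watched value changes
    Set objEvent = objEvents.NextEvent()

    ' The event does not carry the new data, so read the value back
    dwValue = Null
    objReg.GetDWORDValue HKEY_LOCAL_MACHINE, KEY_PATH, VALUE_NAME, dwValue
    If IsNull(dwValue) Then
        strState = "MISSING (USB writes allowed)"
    ElseIf dwValue = 0 Then
        strState = "OPEN (USB writes allowed)"
    Else
        strState = "read-only"
    End If

    With fso.OpenTextFile(strLogPath, FOR_APPENDING, True)
        .WriteLine Now & " - " & VALUE_NAME & " changed on " & strComputer & "; now " & strState
        .Close
    End With
Loop
```

Run it with cscript.exe under an account that can read the registry on the watched machine; the CDO.Message block from script 2 can be placed next to the log write to send the same e-mail.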
