Clearing USB History

mahistuffs

The History - A few years ago everything was fine: USB devices used to work with no restrictions and I was happily moving songs and photos from office to home and vice versa. One or more stupid ppl brought along some new malware and viruses; one of the viruses used brute force to access the Admin shares on other PCs. With the intelligent admin ppl having a simple Admin password, it only took a short time before all the PCs in the domain were infected.

The Realization - Once they realised their mistake it was terrible for ppl like me: the DVD drive cable was removed, internet restrictions were placed and tighter monitoring was done. They got hold of an antivirus and blocked all access and devices possible, and even software - freeware is also not allowed and is blacklisted :mad: . Plug in a USB - an alert is sent to Admin and the device won't be installed. The antivirus and its tools run in a separate admin account in a different user group; me being a local admin on the PC, I can easily add a user to the group and disable the monitoring for *ahem* use and re-enable it. Of course senior ppl in the company also have the same problem, and I have given them a different solution of using their laptop DVD drive (which was not disconnected) and a Windows live CD to boot to a custom OS from DVD, which leaves no traces.

The Question - My problem was far from solved; I wanted a foolproof solution for my desktop. The antivirus logs, user rights and other events I have taken care of, but I was not satisfied with the Windows registry.

When we connect a USB storage device to a Windows system, registry keys are created. If it doesn't already exist, the HKLM\System\CurrentControlSet\Enum\USBStor key is created. Under that key, a subkey containing the vendor name is created, and the device is given a unique name (this name is unique for the device and is the same on all PCs for that device), and other details are stored, including the last time the device was plugged in. Entries about the device are also made in other places in the registry.

I am not sure if the Admin has any tools to read the last access date and time from the registry, but they might have - it's a risk I don't want to take.

There are 3rd-party free tools available like 'USBDeview' through which we can see the history of USB devices plugged in and the last access time, and which can also be used to uninstall the entry, but the exe is blacklisted by the AV and it reports it as a hacking tool. I can write my own, which will take a few days of effort, but I don't want to risk leaving any trace in an area I might have overlooked.

I want to know if Windows has any built-in exe / tool to remove or uninstall the entries made for the USB device during installation.

Any suggestions for 'safe' usage are also welcome :hap2:
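
The USBSTOR key layout described in the post above is what an administrator or examiner reads back when reviewing device history. The following is an added example, not part of the original thread: it parses a constructed key listing into vendor, product, revision and serial, and flags instance IDs that Windows generated itself (second character `&`, a common forensic convention) and that therefore do not identify the device across PCs. The function name `parse_usbstor` and all sample values are hypothetical.

```python
import re

# Constructed sample: key paths in the form printed by
# `reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s` (values omitted).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00\0123456789ABCDEF&0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00\0123456789ABCDEF&0\Device Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_Storage&Rev_0.01\7&1a2b3c4d&0
"""

# <type>&Ven_<vendor>&Prod_<product>&Rev_<revision>\<instance id>
KEY_RE = re.compile(
    r"\\Enum\\USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<ven>[^&\\]*)"
    r"&Prod_(?P<prod>[^&\\]*)&Rev_(?P<rev>[^\\]*)\\(?P<inst>[^\\]+)",
    re.IGNORECASE,
)

def parse_usbstor(listing):
    """Return one record per device instance found in a USBSTOR key listing."""
    devices = {}
    for line in listing.splitlines():
        m = KEY_RE.search(line.strip())
        if not m:
            continue  # vendor-level key without an instance, or unrelated line
        inst = m["inst"]
        # A '&' in the second position means the device reported no serial
        # and Windows generated the ID, so it is specific to this machine.
        reported = not (len(inst) > 1 and inst[1] == "&")
        devices[(m["ven"], m["prod"], m["rev"], inst)] = {
            "type": m["type"],
            "vendor": m["ven"],
            "product": m["prod"],
            "revision": m["rev"],
            "instance_id": inst,
            # Drop the trailing "&<n>" suffix to recover the reported serial.
            "serial": inst.rsplit("&", 1)[0] if reported else None,
            "device_reported_serial": reported,
        }
    # Deeper subkeys (e.g. "Device Parameters") collapse onto their instance.
    return list(devices.values())

if __name__ == "__main__":
    for dev in parse_usbstor(SAMPLE):
        print(dev)
```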
 
Hi mahistuffs,

The entries only reflect the USB hardware that was installed when connected.

U need to configure ur device manager to show all the hidden hardware that is/has been installed on ur PC.

To do this open ur cmd prompt & type 'set devmgr_show_nonpresent_devices = 1'

& then open device manager then VIEW-SHOW HIDDEN DEVICES

Delete all greyed-out entries under storage volumes & all greyed-out under disk drives.

The registry entries will vanish. Just so u don't have to do the cmd thing every time, add a line to ur system variables from SYSTEM PROPERTIES-ADVANCED-ENVIRONMENT VARIABLES-NEW

VARIABLE-NAME - devmgr_show_nonpresent_devices

VARIABLE-VALUE - 1

So ur device manager will show the hidden items every time.

A better "safe" approach is to befriend ur IT ppl & exercise some "social" engg. so u dont have to be paranoid every time. May b ask them for some 'stuff' now & then, even if u hav it just 2 make friends. That way no one will investigate u & u get free 'alerts' of possible activity monitoring.
 
jahire2 said:
Hi mahistuffs,

The entries only reflect the USB hardware that was installed when connected.

U need to configure ur device manager to show all the hidden hardware that is/has been installed on ur PC.

To do this open ur cmd prompt & type 'set devmgr_show_nonpresent_devices = 1'
& then open device manager then VIEW-SHOW HIDDEN DEVICES

Delete all greyed-out entries under storage volumes & all greyed-out under disk drives.

The registry entries will vanish. Just so u don't have to do the cmd thing every time, add a line to ur system variables from SYSTEM PROPERTIES-ADVANCED-ENVIRONMENT VARIABLES-NEW

VARIABLE-NAME - devmgr_show_nonpresent_devices
VARIABLE-VALUE - 1

So ur device manager will show the hidden items every time.

A better "safe" approach is to befriend ur IT ppl & exercise some "social" engg. so u dont have to be paranoid every time. May b ask them for some 'stuff' now & then, even if u hav it just 2 make friends. That way no one will investigate u & u get free 'alerts' of possible activity monitoring.
Thanks for the info, will try the DOS command.
 