Disabling USB ports. Closing access to USB flash drives Favorites

Peripheral devices such as a mouse, keyboard, Web camera, and printer are usually connected to the computer via USB ports. In this case, it often happens that one or more ports stop working. That is, when you connect, for example, a flash drive to a computer, it is not recognized, the keyboard or mouse may freeze, and the printer may not respond or print pages.

There are several likely reasons why some or all of the USB ports on your computer are not working. Let's try to understand this issue and find out what should be done to restore normal functioning of the computer.

Checking BIOS settings

The first thing you should pay attention to is the computer's BIOS settings. To enter the BIOS you will need a working keyboard. If the keyboard is connected to the computer via USB and it does not work, then you need to connect a keyboard with a PS/2 connector. Otherwise, you simply won't be able to do anything.

So, let's go to the BIOS, for which, when starting the computer, you need to press the enter key, usually DEL. There may be another key that appears on the screen and is listed in the motherboard manual. After entering the BIOS, find the section responsible for integrated devices (Integrated Peripherals) or the “Advanced” section. Here you should find the “Onboard Devices Configuration” subsection. It contains the parameters responsible for the operation of USB controllers: USB Function or USB 2.0 Controller. These parameters must be Enabled. And if one of them is disabled, then hover over it and press Enter, thereby turning it on. To ensure that the changes you make are not lost, you must save them by pressing F10 and confirm saving by pressing the Y or Enter key.

After restarting the computer, check if the USB ports are working. And if not, then you should look for the reason elsewhere.

USB ports on the front of the computer do not work

As a special case, USB only on the front panel may not work for you. In such a situation, you need to check whether the necessary connectors on the motherboard are connected and whether the wires are damaged. To do this, open the side cover of the system unit and pay attention to the connector at the bottom of the motherboard. On the board itself there is an inscription USB1 or USB2, as well as on the block itself. The wires from the block go to the front panel, and if they are disconnected or broken in one place, then you have discovered the cause of the malfunction. Damaged wires should be connected or replaced. It would also be a good idea to check the contact in the connector on the motherboard. It is also worth paying attention to the board located on the front panel. There may be a short circuit; by the way, such a short circuit can be caused by accumulated dust. Therefore, be sure to clean the system unit from dust.

Problems with the device itself or the cable

The next source of problems with USB may be the cable with which, for example, the printer is connected. This fault is easy to identify and fix. We connect the flash drive to the connector being tested. If it works, then we try to connect other known good equipment, for example a USB hub, using a suspicious cable. If it also refuses to work, then the reason is clearly in the cable and it should be replaced.

Power outages

There are situations when there is simply not enough power for all devices. For example, connecting an external hard drive that uses two USB connectors at once may disable the printer or keyboard. In this case, the power of the power supply is not enough to provide energy to all consumers. In this case, the problem may not appear immediately, but after some time after turning on the computer. There are several ways out of the situation. If you have a low-power power supply installed, for example, 300 W, then it would be logical to change it to a more powerful one, 450-600 W. You can also use an active USB hub (with external power). It will not only increase the number of connected USB devices, but also power them from a separate power supply.

Another reason that affects USB operation is a dead CMOS battery. But at the same time, every time you turn on the computer, you will observe a lost system time and date. After replacing the battery the problem goes away. But this does not occur often, so you should check other possible sources of malfunction.

Missing or incorrect installation of USB drivers

Causes associated with software problems in Windows 7/10 can be identified using Device Manager. If you notice that one or more devices in particular are not working, regardless of the port used, this may indicate that the problem is in the device itself. Open Control Panel and go to Device Manager. All connected devices will be displayed there. If there are items in the list that have a yellow exclamation mark next to them or the name is Unknown Device, then the problem is with this very device. There may be several possible problems here.

Often USB inputs stop working after reinstalling Windows 7/10. The reason is incorrect installation of drivers or the necessary drivers may not be found at all. You will have to select and install manually.

Often, to fix a problem you just need to update the drivers. So, if automatic Windows updates are disabled, and the system itself was installed quite a long time ago, then the relevance of the software is lost, and system errors may appear. In this case, the device begins to work incorrectly, or even stops functioning altogether. To update (reinstall) USB controller drivers, you can use a CD/DVD with drivers for the motherboard or download the necessary drivers from the motherboard manufacturer's website.

You can also turn off the power saving feature for all ports using Device Manager. Expand the list of used USB devices hidden in the sections “USB Controllers”, “Mouse and other pointing devices”, “Keyboards”. Double-click on the desired device to open the properties window. Now switch to the “Power Management” tab and uncheck the “Allow the computer to turn off this device to save power” checkbox. Thus, the device will always be activated under any circumstances.

If some equipment is not recognized, then there may be either a problem with the drivers already known to us, or a hardware problem, consisting of a lack of contact, a damaged cable, or a malfunction of the controller. Moreover, it often happens that when a faulty device is connected, the others stop working normally. The keyboard starts to freeze, as does the mouse, and the printer stops printing. The problem is similar to power shortage, that is, all the power consumption goes to a faulty device, which may have a simple short circuit or other malfunction.

USB ports not working due to controller damage

If none of the above actions helped restore the functionality of the USB ports, then you should check the USB controller of the motherboard, which may have failed. In this case, high-quality repairs and diagnostics should be entrusted to the specialists of the service center. As a way out of the problem, try installing an expansion card, the so-called USB PC controller, which is installed in the PCI slot on the motherboard. This solution is noticeably cheaper than repairing the motherboard USB controller, and when using an additional USB hub, the problem with the lack of ports will not be relevant at all.

As you can see, finding and fixing problems with USB ports is quite a troublesome task, and all because there can be a lot of reasons. Consistent search and elimination of obviously incorrect paths will allow you to identify and eliminate the problem.

Want to protect the data on your Windows 10 computer by blocking or disabling USB drives on your PC? In this guide, we'll look at five easy ways to enable or disable USB drives in Windows 10.

Blocking USB drives in Windows 10 can be done in different ways. You can use the Registry, BIOS, or third-party utilities to enable or disable USB drives in Windows 10.

Below are five ways to enable or disable USB drives in Windows 10.

Method 1 of 5

Enable or disable USB drives in Windows 10 using the registry

If you're comfortable making changes to the Windows registry, you can enable or disable USB drives in Windows 10 by manually editing the registry. Here's how to do it.

Step 1: Open Registry Editor

Step 2: Continue to the next section:

Step 3: Now on the right side double click on the option "Start" and change its value to 4 to disable USB drives on your Windows 10 PC. Change the Start value to 3 to enable USB drives and storage devices on your PC.

Method 2 of 5

Enable or disable USB ports through Device Manager

Did you know that you can disable all USB ports using Device Manager? By disabling USB ports, you prevent users from using USB ports to connect USB drives to your computer.

When you disable USB ports, the USBs on your PC will not work and hence no one will be able to connect USB drives. You will need to re-enable the USB ports to connect devices via USB. Here's how to enable or disable USB ports using Device Manager.

Step 1: Right click on the button "Start" on the taskbar and select .

Step 2: Expand USB controllers. Right-click on all the entries one by one, and click "Disable device". Click "Yes" when you see a confirmation dialog.

Method 3 of 5

Use USB Drive Disabler to enable or disable USB drives

If you don't want to edit the registry manually, you can use a free tool called USB Drive Disabler to quickly enable or disable USB storage devices on your PC. Simply download USB Disabler, launch it, and then select Enable USB Drives or Disable USB Drives to enable or disable USB drives on your PC.

Method 4 of 5

Disable or enable USB ports in BIOS

Some manufacturers offer an option in the BIOS/UEFI to disable or enable USB ports. Boot into BIOS/UEFI and check if there is an option to disable or enable USB ports. Check your PC's user manual to see if there is an option to enable or disable USB ports in the BIOS/UEFI.

Method 5 out of 5

Enabling or disabling USB storage devices USB Guard

Nomesoft USB Guard is another free utility for blocking USB drives on computers running Windows 10 and earlier versions of Windows. You must use this program as an administrator to enable or disable USB storage devices.

Write protection for USB drives can be useful as an additional security option.

It is recommended to disable USB ports as a precaution, namely when connecting flash drives, external drives or other USB devices in order to infect the computer with all kinds of viruses or steal data. It is for these reasons that many IT workers in offices and companies block access to them. Without bothering with any programs for these purposes or other settings, they simply disconnect it from the motherboard.

Below I will give some examples with descriptions, how to disable USB ports on a computer.

Disable USB in Bios

We go into Bios, to do this, when turning on or restarting the PC, press the Delete key on the keyboard. Let's go to the Advanced section (Advanced BIOS features), where we are interested in the next option, Legacy USB Support. By default, it has the Enabled position, change it to Disabled.

We save the changed values ​​by pressing the F10 hotkey and exit.

Via the registry

Using +R, open the Run window and enter the Windows command “regedit” (without quotes). In the editor we go along the branch

Microsoft Registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

Find the DWORD parameter “Start” and change its value to “4”.

We reboot by first clicking the “OK” button.

PS: How to enable USB ports? Change the value back to "3".

device Manager

Open the “Start” menu, right-click on “Computer” and go to “Properties”. On the left side of the screen, click on the “Device Manager” link. In the displayed list, look for the “USB Controllers” item, open it and use the mouse to deactivate it.

Going to "Properties".

Then “Drivers” and then click the button shown in the screenshot below.

Removing USB controller drivers

An option that also has a place to be. Simply use a program, for example, CCleaner, to remove drivers from your computer. The downside is that when you restart the PC it will check for the presence of these and install them. Which will again open access to the ports.

Fix It utility

You can download and at the same time find out how you can use it to deny access by following this link //support.microsoft.com/ru-ru/kb/823732.

Using programs

There are quite a lot of applications, it’s impossible to list them all, but I would like to use one. Its name is USB Ports Disabler. Download from the link. We launch and then everything is intuitive.

First, click the button highlighted in the figure below

Of all the methods found after a short search, not a single one worked in my case :)

Even the option to limit rights for users in the registry did not produce results (even removing rights for the system and administrator - i.e., all rights completely for everyone - did not help).

As a result, I combined my version (assembling two different ones).

In my case, an ordinary user does not have any privileges in the system (a dream!) and, of course, maximum functionality was required - i.e. use of certain (registered) media on individual PCs.

To do this, we use only two procedures (actions):

1. We delete from the registry information about all used (registered in the registry) USB storage devices using any convenient method (to your taste).
   It turned out that the fastest and easiest way for me was to use a simple utility. Then we delete the files from the system %Windows%\inf\Usbstor.pnf And Usbstor.inf .
2. In the future, if you need to add (register) a storage device, add the specified files to the system, then connect (reconnect) the USB drive and it is fully identified (registered) in the system. After registering in the system, we again delete the specified files, which again blocks any attempts by the system to detect a new USB drive.

In the case when rights in the OS are distributed and “normal” work is performed by a user with limited rights, this method completely blocks the ability to connect “Flash drives” that have not been registered (by the system administrator) to the OS.

Removing and adding Usbstor.pnf and Usbstor.inf files can be done using .bat files approximately as follows:

deletion

del /f /s /q C:\WINDOWS\inf\usbstor.inf C:\WINDOWS\inf\usbstor.PNF

restore (provided that the files are located next to the bat file)

xcopy ".\usbstor.inf" "C:\WINDOWS\inf\"
xcopy ".\usbstor.PNF" "C:\WINDOWS\inf\"

Attention! For Windows 7 and higher, all .bat files must be run as an administrator ("Run as administrator" in the context menu).

Below are other ways to restrict access to these devices (they didn’t work for me individually).

Computer Management->Device Manager->USB Universal Serial Bus Controllers->(USB Root Hubs) -> "Device Application: [Disabled]

For example, if the printer is connected to a hub, then it does not need to be disconnected.

note 1. Device Manager can be launched from the command line start devmgmt.msc.

note 2. An interesting feature of Device Manager is to run two commands from the console:

Set devmgr_show_nonpresent_devices=1
start devmgmt.msc

Then hidden devices will appear in Device Manager.

If USB is not required, disable USB controllers.

Prohibit use by everyone except those selected through “Computer Management -> Storage Devices -> Removable Storage -> Properties -> Security.

Flaw

There are some pitfalls here, for example, a ban on using the USER group. But the administrator can be a member of the USER group.

However, this is equivalent to changing the parameter
HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR "Start"
"Start"=dword:00000004 - disable;
"Start"=dword:00000003 - allow.

note. You can start the service from the command line
net start "Removable memory"

We go to the %Windows%\inf folder (the folder has the hidden attribute), there are two files in it - Usbstor.pnf and Usbstor.inf.

We deny access to these files except for the administrators group or a specific user.

Why ban USB completely when you can only ban recording?

HKLM\SYSTEM\CurrentControlSet\control\StorageDevicePolicies.

The WriteProtect parameter most likely does not exist. Then it needs to be created with type dword and assigned the value 1.

And don't forget to reboot your computer. To restore - assign the value 0.

So, step by step (of course, you need to have local administrator rights):

1. Win+R (similar to Start -> Run), regedit.
2. . This key stores information about all USB drives ever connected.
3. We give ourselves full access to USBSTOR (right mouse button -> Permissions, check the Full access option for the ALL group).
4. We delete all contents of USBSTOR.
5. We connect the approved flash drive and make sure that it has been identified. A key like Disk&Ven_JetFlash&Prod_TS4GJF185&Rev_8.07 should appear inside USBSTOR (F5 to update the list).
6. Again RMB on USBSTOR, Permissions. We remove Full access from the ALL group, leaving the right to read.
7. The same rights must be assigned to the SYSTEM user, but this cannot be done directly. First you need to click the Advanced button, uncheck the Inherit from parent object... checkbox, and in the Security window that appears, say Copy. After clicking OK again, the SYSTEM user rights will become available for change.
8. To consolidate the effect, click the Advanced button again and check the Replace permissions for all child objects... Confirm execution.

What did we achieve in the end? An approved flash drive connects and disconnects without problems. If an unauthorized connection is attempted, Windows will detect the device, but will not be able to install it, cursing as follows:

Moreover, a new key will be created in USBSTOR, which will clearly indicate an attempt to connect an unapproved USB drive.

In many companies and organizations, the ban on the use of USB drives is one of the primary tasks that is set for the enterprise system administrator, the reason for this is two troubles - the removal of information (secret documents, etc.) and the introduction of it: viruses, games, etc. At first glance, the problem can be solved simply - disable USB ports through the BIOS, but this will also affect other USB devices - a mouse, keyboard, printer or phone charger.

So, you need to programmatically prohibit the use of flash drives without affecting useful USB devices. There are several solution options, let's look at them in more detail:

Disable USB Windows 7, 8, Vista

Starting with Windows Vista in local group policies ( gpedit.msc) a very useful bush has appeared, located in Politics “Local Computer” > Computer Configuration > Administrative Templates > System > Access to Removable Storage Devices . It allows you to flexibly configure read, write and execute bans on various classes of removable devices.

Disable USB Windows XP

To disable USB removable storage devices in Windows XP, you need to tweak the registry a little and adjust the access rights to the driver files:

1. Disable USBSTOR service (regedit.exe)

“Start”=dword:00000004

1. Set the SYSTEM account permission to “Deny” for the following files:
   • %SystemRoot%\Inf\Usbstor.pnf
   • %SystemRoot%\Inf\Usbstor.inf

It is described in more detail here, the original source is http://support.microsoft.com/kb/823732

Create a file with the extension – .bat and copy one of the code options
Body files to automate shutdown:

on-USB.bat

Rem 1) ACL cacls %SystemRoot%\inf\usbstor.inf /e /p "NT AUTHORITY\SYSTEM":F cacls %SystemRoot%\inf\usbstor.PNF /e /p "NT AUTHORITY\SYSTEM":F rem 2 ) Registry reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 00000003 /f

off-USB.bat

Rem ACL cacls %SystemRoot%\inf\usbstor.inf /e /p "NT AUTHORITY\SYSTEM":N cacls %SystemRoot%\inf\usbstor.PNF /e /p "NT AUTHORITY\SYSTEM":N rem registry reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 00000004 /f

Banning USB through group policies in Windows server 2003

By default, Group Policies in Windows server 2003 do not provide an easy way to disable removable media devices such as USB ports, CD-ROM drives, and Floppy drives. Despite this, Group Policies can be extended to use the appropriate settings using an ADM template.

The ADM template below will allow the administrator to disable the corresponding device. Import this administrative template into Group Policy as an .adm file.
In C:\WINDOWS\inf we create a file nodev.adm with the contents:

CLASS MACHINE CATEGORY !!category CATEGORY !!categoryname POLICY !!policynameusb KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR" EXPLAIN !!explaintextusb PART !!labeltextusb DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 3 DEFAULT N AME!! Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynamecd KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom" EXPLAIN !!explaintextcd PART !!labeltextcd DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMERIC 1 DEFAULT NAME!! Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynameflpy KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk" EXPLAIN !!explaintextflpy PART !!labeltextflpy DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled VALUE NUMER IC 3 DEFAULT NAME!! Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY POLICY !!policynamels120 KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy" EXPLAIN !!explaintextls120 PART !!labeltextls120 DROPDOWNLIST REQUIRED VALUENAME "Start" ITEMLIST NAME !!Disabled V ALUE NUMERIC 3 DEFAULT NAME!! Enabled VALUE NUMERIC 4 END ITEMLIST END PART END POLICY END CATEGORY END CATEGORY category="Custom Policy Settings" categoryname="Restrict Drives" policynameusb="Disable USB" policynamecd="Disable CD-ROM" policynameflpy="Disable Floppy" policynamels120=" Disable High Capacity Floppy" explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver" explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver" explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver" explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver" labeltextusb="Disable USB Ports" labeltextcd="Disable CD-ROM Drive" labeltextflpy="Disable Floppy Drive" labeltextls120="Disable High Capacity Floppy Drive" Enabled="Enabled" Disabled="Disabled"

IMPORTANT! If the added policies are not displayed in the Group Policy Editor, do the following:
1. In the right part of the policy editor window, right-click, go to the View menu item and click Filtering...
2. Uncheck “Show only managed policy settings”
3. Click OK
After this, the added policies will be displayed on the right side of the Group Policy Editor window.

Banning USB through group policies in Windows server 2008

A ready-made group policy for banning drives has appeared in server operating systems starting with Windows server 2008. You can configure them on the controller via the gpmc.msc snap-in, located in the same path (Policy > Computer configuration > Policies > Administrative Templates > System > Removable storage access) . It works flawlessly, but can only be used on Windows Vista, 7 and 8 operating systems.

The situation with Windows XP is somewhat more complicated; despite Microsoft's statements about ending support for XP in the spring of 2014, it still occupies a large part of the operating systems used in the corporate sector. It doesn’t matter, we’ll set it up like the local one, but only through the GPO. We launch gpmc.msc, create a GPO and start editing it.