开发者

How to restrict access to USB drives using C#?

I'm working on an application that needs to temporarily put a machine into a restricted, kiosk-like state. One of the things I need to block is access to attached USB drives. Is there any way to do this, via C#, 开发者_JAVA技巧other than messing with Windows group policy? (That approach is covered by my other SO question on this topic)

I realize there might be security implications of this, and I might need admin rights to the box, and that's OK. At this point I just need pointed in the right direction to continue my research.

Update:

I'm targeting Windows XP for this. Vista support would be nice, but not required. ideally I would only block USB drives plugged in after my app starts up, but it's acceptable to block ALL USB drive access.

This application will be run on machines I do not control. Basically my app gets installed, creating a restricted sandbox. The user then logs into my app, performs some timed actions, and then logs out. My app is them removed, restoring the PC to its prior state. I'm looking for a code-based solution that enables me to make the fewest number of assumptions about the pre-existing environment, up to and including the assumption that I can access the BIOS.


You can do this by modifying the registry.

using Microsoft.Win32;
RegistryKey key;
key = Registry.LocalMachine.OpenSubKey
         ("SYSTEM\\CurrentControlSet\\Services\\UsbStor");
key.SetValue("Start", 4, RegistryValueKind.DWord);  //disables usb drives
key.SetValue("Start", 3, RegistryValueKind.DWord);  //enables usb again

http://support.microsoft.com/kb/823732

Any devices already connected will remain there, but no new usb drives plugged in will be automatically mounted.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜