禁用USB接口将网络安全进行到底

来源：作者：出处：巧巧读书 2006-07-26 进入讨论组

三，注册表限制法：

如果电脑已经用过USB存储设备，那么禁止起来就更加方便了，直接使用注册表文件进行导入操作即可。

禁止使用USB存储设备的注册表内容如下：
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\
00,52,00,2e,00,53,00,59,00,53,00,00,00
"DisplayName"="USB 大容量存储设备"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

我们将上面的代码保存成一个以REG为后缀的文本文件，然后双击该文件导入注册表就完成了禁止该计算机使用USB存储设备的操作。所有用户都无法用USB存储设备了，这点和上面仅仅是根据用户或用户组来限制的方法是不同的，效果更好应用范围更广。

开启USB存储设备使用权限的注册表内容如下：
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\
00,52,00,2e,00,53,00,59,00,53,00,00,00
"DisplayName"="USB 大容量存储设备"

我们将上面的代码保存成一个以REG为后缀的文本文件，然后双击该文件导入注册表就完成了开启该计算机使用USB存储设备的操作。所有用户都可以使用USB存储设备。

转载保留：http://www.qqread.com/safe-tech/h990179072.html