playlet Posted December 13, 2009 Share Posted December 13, 2009 (edited) --- Edited August 18, 2016 by playlet Link to comment Share on other sites More sharing options...
dantay9 Posted December 13, 2009 Share Posted December 13, 2009 If you have registry access, this webpage shows you how to easily lock any drive. Link to comment Share on other sites More sharing options...
playlet Posted December 13, 2009 Author Share Posted December 13, 2009 (edited) --- Edited August 18, 2016 by playlet Link to comment Share on other sites More sharing options...
playlet Posted December 15, 2009 Author Share Posted December 15, 2009 (edited) --- Edited August 18, 2016 by playlet Link to comment Share on other sites More sharing options...
whim Posted December 15, 2009 Share Posted December 15, 2009 I have to restart computer for the changes to take effect. Not sure if it'll work, but have you tried killing and restarting your explorer shell to force it to "take"whim Link to comment Share on other sites More sharing options...
jvanegmond Posted December 15, 2009 Share Posted December 15, 2009 I think you can only do this through encrypting your flash disk, and decrypting it on the fly when necessary. github.com/jvanegmond Link to comment Share on other sites More sharing options...
Richard Robertson Posted December 15, 2009 Share Posted December 15, 2009 You could write your own file system and use it on the disk. Then Windows can't mount it but you can use your custom "explorer" to read the files. Link to comment Share on other sites More sharing options...
darkjohn20 Posted December 15, 2009 Share Posted December 15, 2009 You could write your own file system and use it on the disk. Then Windows can't mount it but you can use your custom "explorer" to read the files. Sounds interesting. Have an example? Link to comment Share on other sites More sharing options...
Richard Robertson Posted December 15, 2009 Share Posted December 15, 2009 You could write your own file system and use it on the disk. Then Windows can't mount it but you can use your custom "explorer" to read the files. Sounds interesting. Have an example? No not really. You would just be reading and writing directly to the disk though. You'd have to come up with your own way to store the files. Link to comment Share on other sites More sharing options...
playlet Posted December 16, 2009 Author Share Posted December 16, 2009 (edited) --- Edited August 18, 2016 by playlet Link to comment Share on other sites More sharing options...
Fire Posted December 16, 2009 Share Posted December 16, 2009 (edited) Yes, that works. Although killing explorer so many times doesn't seem right or practical.May be it helps in this case without restarting explorer.exe just run this command in context of your script after regwrite(): gpupdate /force Edited December 16, 2009 by Sh3llC043r [size="5"] [/size] Link to comment Share on other sites More sharing options...
Juvigy Posted December 17, 2009 Share Posted December 17, 2009 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor 4. In the right pane, double-click Start. 5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK. This works for me on XP.It takes effect if the usb has not been inserted yet. Link to comment Share on other sites More sharing options...
playlet Posted December 17, 2009 Author Share Posted December 17, 2009 (edited) --- Edited August 18, 2016 by playlet Link to comment Share on other sites More sharing options...
Juvigy Posted December 17, 2009 Share Posted December 17, 2009 When you do this and plug in an USB devise afterwords nothing happens. And the USB drive is unusable until you revert the changes. Check it out. The only thing is that it doesnt disable already inserted USB drives. So the registry change must be done before inserting the USB drive you want disabled. Link to comment Share on other sites More sharing options...
jvanegmond Posted December 17, 2009 Share Posted December 17, 2009 (edited) Let's get this straight, do you want to disable access to USB drives on machines you control or do you want all machines to disable access to your USB drive? Currently, the solutions provided by everyone, except me and Richard, are to disable access from your machine to any USB. Edited December 17, 2009 by Manadar github.com/jvanegmond Link to comment Share on other sites More sharing options...
playlet Posted December 17, 2009 Author Share Posted December 17, 2009 (edited) --- Edited August 18, 2016 by playlet Link to comment Share on other sites More sharing options...
Fire Posted December 17, 2009 Share Posted December 17, 2009 Hi, You can execute this command like: run("cmd.exe /c gpupdate /force", "", @SW_HIDE) or #include <Process.au3> $commandeffect="gpupdate /force" _RunDOS($commandeffect) For you i saw if you restart explorer.exe process (like tskill explorer) changes on your regedit(after regwrite() of course) is true and has take effect witout restarting system.Am i rights? And i think here is analog method to do it like above. Try may be it helps. And please keep in mind gpupdate /force command require max 2 second for take effect in system. P.S always i use this method in my comp at home(OS WIN XP (ru) 5.1.2600 Service Pack 2 32 bit) for take effect all regedit & GPO(Group Policy Object) changes without restaring OS. There is another way to do it but i think it is not secure and may be can damage system.(I test it in my OS) and i recommend do not use this method. Bcuz drive letter and its hex valuesmay differ on another comp. Proof see here: h*tp://www.pctools.com/guides/registry/detail/1157/ And say i have Flash drive which letter is "J"(without quotes) And hex() for J is: 512 If i apply to my system this changes it cause error on drive letter and mistakely prevent access to my another disk which letter is "i".(I test it) In other words this method may be generate errors or mistakes which is not secure. But what`s happened if it prevenet access to my logical drive where OS installed?As result this after reboot may be FATAL for OS. I do not recommend to you use it in your application. Also i think about 3`rd method with autorun.inf somethink like below:(sorry i didnt test it on my OS bcuz autorun is disabled probably on my OS +fixed.) But i think here is may be some idea for you how to realise it. echo [AutoRun] >>autorun.inf echo shell\open\Command=yourpass_protected_file.exe>>autorun.inf echo open=yourpass_protected_file.exe >>autorun.inf and here is: yourpass_protected_file.exe your au3 compiled *.exe which require Valid pass and if authorisation is Valid delete autorun.inf from removable drive and then give access to drive directly. Just run above command in context of run() command. Restrictions on this methtod: 1:) Many AV applications may cause false/+\prositivies about this autorun.inf 2:) If user disabled autorun on removable drives maybe it cannot correctly run. 3:) and etc. Sorry for awfull English. [size="5"] [/size] Link to comment Share on other sites More sharing options...
playlet Posted December 17, 2009 Author Share Posted December 17, 2009 (edited) --- Edited August 18, 2016 by playlet Link to comment Share on other sites More sharing options...
Richard Robertson Posted December 17, 2009 Share Posted December 17, 2009 Big note here. Autorun.inf is not called on USB media without changes made on the target system. And in many cases, autorun is globally disabled. Link to comment Share on other sites More sharing options...
Fire Posted December 17, 2009 Share Posted December 17, 2009 One note:Playlet i think this method too is not secure:{21EC2020-3AEA-1069-A2DD-08002B30309D}few years ago i try it with another application but here is whole:if user knows {21EC2020-3AEA-1069-A2DD-08002B30309D} identifier for folder from console:like dir & attrib -h -r -s -a and in next he may bypass all restrictions like:cd somefolder.{21EC2020-3AEA-1069-A2DD-08002B30309D}dir@rem its content of protected folder:(Please try bypass it from console and you will see it.Thanks. [size="5"] [/size] Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now