Ctor Posted November 5, 2010 Share Posted November 5, 2010 Overview:I have been looking at this for a few days and managed to come up with a decent workaround to the fact that XP has no user policy to disable external media devices. It has a machine policy which just changes a single registry key to disable usbstor.sys or cdrom.sys but leaving this policy enabled affects all users.After trying to write a batch file to run on startup for our networked limited user accounts I found that the script approach would not work with a batch file because the script is passed as the limited user. Afterwards I decided to use AutoIt for the concise and effective RunAsWait command. Doing so I set RunAsWait to run the following command as a system administrator on logon (through Active Directory policy manager)#NoTrayIcon ;Disables USB Mass Storage driver RunAsWait("Admin", "Domain", "Password", 0, "cmd /c reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 4 /f", @SystemDir)followed by this logoff script:[code]#NoTrayIcon ;Enables USB Mass Storage driver RunAsWait("Admin", "Domain", "Password", 0, "cmd /c reg add HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start /t REG_DWORD /d 3 /f", @SystemDir)This works great because unless the user inserts a USB drive before logging on, the Windows XP system will not recognize or even attempt to mount the drive.Now I'm trying to do the same thing for the CDROM but this is where it gets tricky.cdrom.sys runs from startup because the CDROM is always attached to the machine. Setting the policy would require a restart, but then it would apply to ALL users, which is something I do not want.Real question:I see there is a way to Lock/Unlock the CD tray which could be a good workaround solution, but it requires calling DLLs which is something I have no idea how to do. Even looking at someone else's script (here) I can't make heads or tails of it. Could someone help me put together a similar script to unmount or lock or otherwise incapacitate the cdrom on logon and re-capacitate it on logoff? Link to comment Share on other sites More sharing options...
Ctor Posted November 12, 2010 Author Share Posted November 12, 2010 I'm still not having any luck with this. Anyone care to help me out? Link to comment Share on other sites More sharing options...
Varian Posted November 12, 2010 Share Posted November 12, 2010 This is a start..even though you are on XP Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now