Kaseya Community

Enabling and disabling Removable media

  • Just thought I would share this script for people who have clients request to have the ability to use removable media disabled on some workstations for one reason or another. I found that I needed to have the pauses in the script in order for the registry keys to all be modified correctly on the majority of machines, and the reboot is required in order to prevent the system files from starting when Windows boots up.

    Script Name: Disable removable media
    Script Description: This script will disable cdrom.sys, usbstor.sys, flpydsk.sys, and sfloppy.sys preventing the use of USB removable media, the CD drive and floppy disks. This script works in Windows XP and Windows Vista.

    IF True
    THEN
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Start
    Parameter 2 : 4
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk\Start
    Parameter 2 : 4
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sfloppy\Start
    Parameter 2 : 4
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start
    Parameter 2 : 4
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Reboot
    OS Type : 0
    ELSE



    Script Name: Enable removable media
    Script Description: This script will enable cdrom.sys, usbstor.sys, flpydsk.sys, and sfloppy.sys enabling the use of USB removable media, the CD drive and floppy disks. This script works in Windows XP and Windows Vista.

    IF True
    THEN
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Start
    Parameter 2 : 3
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk\Start
    Parameter 2 : 1
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sfloppy\Start
    Parameter 2 : 3
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start
    Parameter 2 : 3
    Parameter 3 : REG_DWORD
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Reboot
    OS Type : 0
    ELSE



    Legacy Forum Name: Enabling and disabling Removable media,
    Legacy Posted By Username: RichardB
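
An added example, not part of the original post: a read-only PowerShell check of the four services the scripts above modify. It compares the configured Start value with the live driver state, since a driver that is already loaded keeps running until the reboot. It assumes Windows PowerShell 3.0 or later; the function name `Get-RemovableMediaState` is hypothetical.

```powershell
# Added example (not from the thread). Read-only: changes nothing on the machine.
# Service Start values as Windows defines them.
$StartMeaning = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-RemovableMediaState {
    param([string[]]$Service = @('Cdrom', 'Flpydisk', 'Sfloppy', 'USBSTOR'))

    foreach ($name in $Service) {
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $start = $null
        if (Test-Path -Path $key) {
            $start = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Start
        }
        # Live state: a driver loaded before Start was set to 4 stays running until reboot.
        $driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$name'" -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Service    = $name
            Start      = $start
            Configured = if ($null -eq $start) { 'Not present' } else { $StartMeaning[[int]$start] }
            Live       = if ($driver) { $driver.State } else { 'Not loaded' }
            # Blocked only when the driver is disabled AND not currently running.
            Blocked    = ($start -eq 4) -and (-not $driver -or $driver.State -ne 'Running')
        }
    }
}

$report = Get-RemovableMediaState
$report | Format-Table -AutoSize

# When run as a script file, a non-zero exit code lets a management agent flag
# machines where at least one installed storage driver is still usable.
$usable = @($report | Where-Object { $null -ne $_.Start -and -not $_.Blocked })
if ($usable.Count -gt 0) { exit 1 } else { exit 0 }
```

A row showing `Configured = Disabled` with `Live = Running` means the registry change has been made but the machine has not yet rebooted.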
  • Works well, thank you. What I didn't realise is that it also reboots the workstation. I skimmed over the script without seeing the reboot at the bottom. :) Apart from that, works very well.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: andrewakl
  • How about creating a second script that is called and handles user notification and rebooting?

    That's what I usually do, anyway. I'll post up an example later if I get a chance.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Benjamin.Lavalley@kaseya.com
  • This is the one I use for that


    Script Name: Reboot - 15 Minute Prompt
    Script Description: This Script will prompt for a reboot every 15 Min

    IF User Response is Yes
    Parameter 1 : The monkey that takes care of your computer has made a system change or has installed an update that requires your computer to be rebooted. Please save your work then select 'Yes' to Reboot now. If you choose 'No' this message will reappear in 15 minute intervals as a reminder.
    Parameter 2 : 5
    THEN
    Reboot
    OS Type : 0
    ELSE
    Schedule Script
    Parameter 1 : 46224217
    Parameter 2 : 15
    Parameter 3 :
    OS Type : 0


    Read carefully before deploying... I've left a funny in it...

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: thirteentwenty
  • I've used this script today to pretty much disable a fired employee from "easily" getting data off the laptop, with the exception of taking pictures..heh.

    I added an extra egg to this in that it calls the windows firewall and automatically blocked ALL outbound traffic then forced a reboot.

    However, I think I hit a flaw somewhere, as it's now put the script into a reapply loop and I cannot figure out why. This is great for pretty much making it useless for the end user to use the system, but now that I have it back I can't get the damn script to stop re-applying.

    Script is set to run-now...no schedule...after a reboot, USB is disabled and the internet is blocked...however it seems like by blocking outbound traffic the system thinks the script never applied and keeps on retrying.

    Here is what I added to the script.  

    <Statement description="Execute the given command as if it were typed in at a command prompt." name="ExecuteShellCommand" continueOnFail="true">
      <Parameter xsi:type="StringParameter" name="Command" value="netsh advfirewall firewall add rule name=blockoutbound dir=out action=block remoteip=&quot;any&quot; profile=any enable=yes" />
      <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />
      <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />
    </Statement>
    <Statement description="Execute the given command as if it were typed in at a command prompt." name="ExecuteShellCommand" continueOnFail="true">
      <Parameter xsi:type="StringParameter" name="Command" value="shutdown -r -t 1" />
      <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />
      <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />
    </Statement>

    Anyone have any ideas on what I messed up? I think it's something to do with agent acknowledgement of script success or something.

  • Since I can't edit my post...

    I also replaced the default reboot in the original script with the shutdown executable.

  • My first guess is that you may need to allow Kaseya access through the firewall; that way the agent will report back that the script has been run.

    Also, I've found that using batch files works best (for me) when working with the firewall or ipconfig commands.

    PS code tags work here now (need to "use rich formatting" options)
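
An added example, not part of the thread: one way to cut a machine off from the network while keeping the management agent able to report back. Windows Firewall gives an explicit block rule precedence over allow rules, so this sets the default outbound policy to block and adds a single allow rule instead of a block-all rule. The server address, the port, the rule name and the function names are placeholders or assumptions.

```powershell
# Added example (not from the thread). Run elevated. Replace the placeholders first.
$ServerIp   = '192.0.2.10'   # placeholder: address the agent checks in to
$ServerPort = 5721           # assumption: agent check-in port; confirm on your server

function Invoke-Netsh {
    # Run netsh with the given arguments and stop on the first failure,
    # so a partial configuration is noticed immediately.
    & netsh.exe @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh $($args -join ' ') failed ($LASTEXITCODE)" }
}

function Enable-Isolation {
    # Save the current policy under a unique name so it can be restored exactly.
    $backup = Join-Path $env:SystemRoot ("Temp\fw-{0:yyyyMMddHHmmss}.wfw" -f (Get-Date))
    Invoke-Netsh advfirewall export $backup
    Invoke-Netsh advfirewall set allprofiles state on

    # Allow rule first, so agent check-in keeps working when the default flips.
    # If the agent connects by hostname, DNS to your resolver must be allowed too.
    Invoke-Netsh advfirewall firewall add rule name=Isolate-AllowAgent dir=out action=allow `
        protocol=TCP "remoteip=$ServerIp" "remoteport=$ServerPort" profile=any enable=yes

    # Default-deny in both directions. Quoted so PowerShell does not split on the comma.
    Invoke-Netsh advfirewall set allprofiles firewallpolicy 'blockinbound,blockoutbound'
    return $backup
}

function Disable-Isolation {
    param([Parameter(Mandatory)][string]$BackupPath)
    # Importing the exported file restores the rules and default policies as they were.
    Invoke-Netsh advfirewall import $BackupPath
}

# Usage: $saved = Enable-Isolation   ...later...   Disable-Isolation -BackupPath $saved
```

Any block-all rule already added, such as the `blockoutbound` rule from the post above, has to be deleted first, or it will still override the allow rule.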

  • I think you are correct....the script still shows pending on the machine...maybe a better option is to just disable all outbound DNS and FTP...which would really slow down the end user...but Kaseya would be able to use secondary IP connection to get out and report.

    On second thought...as long as they don't think to disable the firewall (which I am sure some will), then a reboot every 80 seconds is probably not a bad thing..heh  Long term I think forcing EFS on the drive with a password is another good option...but that can go bad fast...



    [edited by: Mark.Hodges at 10:34 AM (GMT -8) on 2-16-2011] forgot to add..
  • If you just want to be a nuisance, add this to a batch file and drop it into the user's startup folder


    shutdown -s -f -t 10


    So 10 seconds after login the machine shuts down. 

    or if you want to make it hard to find... drop that in HKLM\software\microsoft\windows\current version\run  (I think)

    Yeah Yeah, I know childish and immature... but it's good for an LOL every now and again.