Home > Protecting Your USB, Smart Tip, Win XP, Windows > Protecting Your USB – 4 : Enabling Write-Protect

Protecting Your USB – 4 : Enabling Write-Protect


Scenario : Your PC contains a lot of important and personal files and you are afraid that someone will just connect a portable Drive and copy your important files and want to disable that.

Solution : This is a really good concern and certainly not paranoid…..unless your important files happen to be just some “stuff” *cough cough prOn cough cough*.

On a serious note, anyone wanting to copy your Personal / Sensitive / Important / Confidential / and so on… could easily make an executable file to be run on autorun and have the executable copy the data to the pendrive (in the background without you knowing) when connected. So the first thing that you need to do is disable autorun on your PC. However that is just the part of it…one of the solutions you can implement is to disable users from writing to a USB storage device when connected to your PC. Simple and Elegant ??

So how do we do it ??

We do it by setting a certain key in the registry. But this setting has the prerequisite of the OS version to be XP SP2 or higher. The beauty of the method lies in the fact that it disables writing to the drive but retains reading from it….so without further ado, here is the manual way to implement a write-protect switch for any USB device connected to your PC.

  1. Go to Start -> Run -> Type regedit and hit Enter or click on the OK button.
  2. Browse to:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  3. Create a new key called StorageDevicePolicies. Right click on the Control, select New -> Key and type in StorageDevicePolicies, as is
  4. Create a DWORD called WriteProtect under StorageDevicePolicies that you created in step 2 and set the value to 1.

To allow writing to USB drives just change the value to 0.

If you do not feel comfortable going to the registry, here is the “.reg” file for it. Just save the below two codes as “.reg” file using notepad and double-click the appropriate file to enable or disable.

Registry Script to Enable Write-Protection (disallow writing to the USB drive) :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]

“WriteProtect”=dword:00000001

Registry Script to disable Write-Protection (allow writing to the USB drive) :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]

“WriteProtect”=dword:00000000

If you want one more option, then you can also use the command prompt. Here are two batch files which you can use to enable and disable the switch :

Command Script to Enable Write-Protection (disallow writing to the USB drive) :

cd\

reg add “HKLM\System\CurrentControlSet\Control\StorageDevicePolicies” /t Reg_dword /v WriteProtect /f /d 1

Command Script to Disable Write-Protection (allow writing to the USB drive) :

cd\

reg add “HKLM\System\CurrentControlSet\Control\StorageDevicePolicies” /t Reg_dword /v WriteProtect /f /d 0

Once you use the registry hack, you might have to reboot for the changes to take effect. Here’s the window you’ll get when you try and write to a USB drive:


we will continue this topic in my next post….till then…Stay Sharp

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: