How to lock and unlock your USB ports

External flash and hard drives can be used to deliver malware or steal sensitive files. Here's how to control who can use them.

0727 primary

Sourav Mallick says that “I want [to] protect the USB ports of my laptop from unauthorized access. Is there any software that can be used to lock the USB ports with a password and then unlock them when needed?”

Yes, and the program is called Microsoft Windows. You can disable and re-enable USB storage access with a Registry tweak. And, because you can change the Registry only from inside an administrator-level account, only someone with such an account can do it.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to answer@pcworld.com.]

If you’re comfortable working with Regedit, the key you want to go to is HKEY_LOCAL_MACHINE\SYSTEM\CurrentContro>Set\Services\USBSTOR. The value inside that key is Start. To disable USB storage, change Start’s data to 4. To enable it again, change the data to 3.

But let me give you an easier way to change it. Copy and paste the code below into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
”Start”=dword:00000004 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum]
”Count”=dword:00000000
”NextInstance”=dword:00000000

The result should look like this:

0727 code example
0727 icons

REG icon on left, TXT icon on right

Now save the file, in a convenient location, and name it disableusb.reg. Make sure it’s saved as a REG file, not a TXT file. You can tell by the icon.

Now repeat the process, with these two variations:

  1. Before you save the file, go to the line that reads ”Start”=dword:00000004, and change the 4 to a 3.
  2. Save the file as enableusb.reg.

Launching disableusb.reg and confirming the change will—you guessed it—disable USB-connected storage. Note, however, that it won’t affect storage already plugged in, but it will block any external drive that is plugged in after you make the change. Launching enableusb.reg will, of course, re-enable it.

How can you keep other people from launching enableusb.reg? You need to have an administrator-level account to change the Registry. Assuming that only you have an administrator account, and that you haven’t shared the password, only you will be able to make these changes.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.