Reputation: 25
In the place where I work we have sensitive data on our computers that need to stay there, but we regularly update our data, so we need a way to disallow copying to a flash drive but allow copying from the flash drive to the computer. Currently we're doing that with the Windows registry key StorageDevicePolicies-->writeprotect(1), but since anyone with some computer knowledge can undo this, it's not secure enough. I searched but couldn't find anything online, so I decided to develop it myself. The problem is I don't have any experience working with hardware; I mostly develop database applications in C#. So I would appreciate a solution in C#, but anything that can help is highly appreciated.
Upvotes: 1
Views: 1735
Reputation: 127553
I doubt you have network access because you are using flash drives to copy data. But even if you don't have a network you can still use this method (but administrators can still get around it).
Group Policy has the exact setting you are looking for. Just open the Group Policy snap-in, then under either Computer Configuration or User Configuration (if you want it applied on a computer basis or a user basis respectively; if you want it on one computer but only applied to some users, you need to set up loopback processing), go to \Administrative Templates\System\Removable Storage Access\
In that folder you can enable the following settings:
If you are on a domain, you can make it so that even if the user is a local administrator on the computer they can't disable the setting unless they are a domain administrator too. If you are not on a domain, any user who is an Administrator can disable it.
Upvotes: 0
Reputation: 38367
If they have admin rights, then any C# program you write can be shut off just as easily as they can change the registry key. The real solution is to modify user rights, and possibly remove flash drive capabilities and use network shares instead when data needs to be copied to machines.
If anything, I might just make a service with an unassuming name that polls the registry key periodically to see if it's been flipped, and if it has, then notify IT staff, who would then commandeer the computer, flash drive, and event logs (showing the registry key was changed by that user), and then refer them and the logs to management. This assumes employees have been thoroughly and frequently warned that copying data off machines is strictly against the rules. Sometimes it is not clear to a user when an IT roadblock is just poorly managed IT, or a company policy.
Alternatively, you could make the service force the bit back if it is changed, but then trial and error will allow a user with admin rights to discover which service needs to be shut down to prevent this.
Upvotes: 2
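The polling idea from the answer above, with its force-back variant as an option, written out as an added C# example (not code from any poster on this page). It assumes the value lives at the standard HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies path and that the process runs elevated; the event source name, event ID, 30-second interval and the --restore switch are made up for the illustration, and the "notification" is an Application event log entry that IT can collect.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using Microsoft.Win32;

static class WriteProtectWatcher
{
    const string KeyPath = @"SYSTEM\CurrentControlSet\Control\StorageDevicePolicies";
    const string ValueName = "WriteProtect";
    const string EventSource = "UsbWriteProtectWatcher";              // hypothetical name
    const int EventId = 1001;                                         // hypothetical ID
    static readonly TimeSpan PollInterval = TimeSpan.FromSeconds(30); // assumed interval

    // True only when the key exists and WriteProtect is the DWORD 1.
    // A missing key, a missing value or a wrong type all count as unprotected.
    static bool IsWriteProtected()
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyPath))
        {
            object value = key?.GetValue(ValueName);
            return value is int dword && dword == 1;
        }
    }

    static void Main(string[] args)
    {
        bool restore = Array.IndexOf(args, "--restore") >= 0; // hypothetical switch
        if (!EventLog.SourceExists(EventSource))              // needs admin rights
            EventLog.CreateEventSource(EventSource, "Application");

        bool alerted = false; // log once per change, not once per poll
        while (true)
        {
            bool ok = IsWriteProtected();
            if (!ok && !alerted)
            {
                EventLog.WriteEntry(EventSource,
                    $"{ValueName} under HKLM\\{KeyPath} is no longer 1 on {Environment.MachineName}.",
                    EventLogEntryType.Warning, EventId);
                alerted = true;
            }
            if (!ok && restore) // force the value back, recreating the key if it was deleted
                Registry.SetValue(@"HKEY_LOCAL_MACHINE\" + KeyPath, ValueName, 1, RegistryValueKind.DWord);
            if (ok) alerted = false;
            Thread.Sleep(PollInterval);
        }
    }
}
```

Because a removable drive can be used in the window between two polls, the event log entry is evidence of a change rather than a guarantee that nothing was copied.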