USB flash drives are now the dominant hardware storage devices if you want to quickly transfer data from one local computer to another. They’re cheap to buy, are available in multiple sizes and are more rapid than ever thanks to USB3. The good thing about a flash drive is it’s also plug and play so you just insert it into your PC or laptop and Windows does the rest. Flash drives can also be quickly unplugged although it’s always less risky to remove storage devices safely.
When you insert a USB flash drive into your computer for the first time, Windows will automatically load the default USB Mass Storage device driver for it so you don’t have to install third party drivers from CD or the internet etc. After a few seconds Windows will say the new device has been found, drivers installed and it’s ready to use. An annoying error can occur at this point: Windows asks you for the administrator username and password to install the device, and says:
You must be a member of the Administrators group on this computer to install this hardware
Although this might not be such a surprise if you’re running a limited account because limited users cannot install third party device drivers by default, it shouldn’t appear if you are already the administrator on the computer. This seems to be an issue confined to XP and we’ve heard no mention of it happening on any other operating system.
Here we have a selection of solutions for this issue which should help resolve the problem.
Corrupt USB Drivers
It’s possible that the built in driver for USB mass storage devices has become corrupted in some way. If you have another Windows XP installation to hand, simply copy and replace usbstor.inf and usbstor.pnf in C:\Windows\INF\ and replace usbstor.sys in C:\Windows\system32\drivers\. If you don’t have access to the replacement files, you can download usbstor.inf, usbstor.pnf and usbstor.sys here.
This is the most common cause of being asked for admin rights to install a flash drive when you’re already an administrator. This solution is probably the most likely to get rid of the issue, and the best way to fix it is to rename the Windows Catroot2 folder using these steps:
1. Press Win+R to open the Run dialog, type cmd, and then press Enter.
2. Type the following commands one after the other at the Command Prompt:
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
3. Navigate to the following folder or type the following into the Run box:
4. Look for any .CAT files that begin with tmp and delete them from the folder. Do not remove any files in this folder other than those that start with “tmp”. Also note that this folder is Catroot and not Catroot2, which is the folder that was renamed earlier.
For ease of use we have created a simple batch file to run the commands from the steps above. It will stop/restart the service, rename the Catroot2 folder and delete any tmp*.cat files from the Catroot folder.
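The steps above can be scripted along the following lines. This is an added example, not the batch file offered by the original article; it assumes an administrator account on Windows XP, and because the exact Catroot subfolder is not shown above it searches Catroot and its subfolders for tmp*.cat files.

```bat
@echo off
rem Added example (not the article's own download). Run as an administrator.
setlocal
set "SYS32=%systemroot%\System32"

rem Stop Cryptographic Services so Catroot2 is no longer in use.
net stop cryptsvc >nul 2>&1
rem net stop also errors when the service was already stopped, so test
rem the real state rather than the exit code.
sc query cryptsvc | find "STOPPED" >nul
if errorlevel 1 (
    echo Cryptographic Services did not stop. Nothing was changed.
    exit /b 1
)

rem ren fails if the target name exists, so pick a free backup name.
set "BACKUP=oldcatroot2"
set /a N=0
:pick
if not exist "%SYS32%\%BACKUP%" goto rename
set /a N+=1
set "BACKUP=oldcatroot2_%N%"
goto pick

:rename
if exist "%SYS32%\Catroot2" ren "%SYS32%\Catroot2" "%BACKUP%"
if exist "%SYS32%\Catroot2" echo Could not rename Catroot2. Check permissions.

rem Delete only tmp*.cat files, and only under Catroot (not Catroot2).
rem /s searches subfolders because the exact folder is not given above.
del /s /q "%SYS32%\Catroot\tmp*.cat" 2>nul

rem Restart the service; Windows rebuilds Catroot2 when it is next needed.
net start cryptsvc
if errorlevel 1 (
    echo Cryptographic Services failed to start.
    exit /b 1
)
echo Done. Previous catalog database kept as %SYS32%\%BACKUP%
```

The renamed folder is kept rather than deleted, so it can be restored by hand if the change does not help.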
Make Sure Cryptographic Services is Permanently Running
Following on from the previous solution, you need to make sure the Cryptographic Services service is permanently running. The service handles the verification of signatures and certificates for Windows files and is important for handling signed driver files.
You can do this a few ways. Type the following command into the Run dialog (Win+R) or Command Prompt (note the space between = and auto):
sc config cryptsvc start= auto
Or to make the change using the mouse, go to Control Panel > Administrative Tools > Services. Look for Cryptographic Services and check whether its Startup type is set to Automatic.
If the service is set to Manual or even Disabled, double click on it and in the Startup type drop down, choose Automatic and click OK.
Microsoft has a Fix It tool that is designed to repair a number of installation and update issues. It will also check Cryptographic Services to make sure it is configured correctly to run all the time. Simply download and run Fix It 50528 and follow the prompts.
Check for Unsigned Drivers
If the above solutions still don’t allow you to install USB devices, it is possibly an unsigned driver problem. This is more likely to happen if your flash drive requires non-standard drivers, because trying the solutions above in turn will restore the proper default Windows USB Mass Storage drivers.
You can use a built in Windows tool called File Signature Verification to check if the drivers are signed or not.
1. Go to Start > Run (or Win+R), type sigverif and press Enter.
2. Click the Advanced button and select “Look for other files that are not digitally signed”. Make sure the file type is *.* and the location to look for is C:\Windows, which should both be set as default. Also, check the “Include subfolders” box. Click OK and it will take a few minutes to scan.
3. The list of unsigned files in Windows will eventually show up, then you can look through the list to see if you can find the mass storage driver for your flash drive. This obviously requires some knowledge of what your driver files are actually called for you to be able to search for them.
If you know the driver is unsigned you can try to find a different driver with a newer or different version. If nothing above works, your final choice might be to reinstall or repair Windows. Some people have tried everything and just can’t cure the problem. You can refer to this article on how to repair Windows.
Installing USB Drivers for Users
If you are an administrator of a computer and you have others such as family members set up as users, you may want to be able to allow them to plug in and use USB flash drives when they need to. Limited users cannot install third party device drivers, but they can install Microsoft’s own USB Mass Storage driver. Here are a few ways to get around this.
Users Install USB Drivers With a Utility
If for some reason limited users are unable to install the default Microsoft USB drivers for a flash drive, try this tool. It modifies the driver to grant access for ordinary users to insert new flash drives into the computer.
It’s a small tool of 100K, created in the AutoIt scripting language, that simply changes the read, write and execute permissions of the USBStor.inf file to give Users and Power Users the ability to install the default mass storage driver, whether it’s for the first time or just using a different USB port.
Allow Users to Install Drivers Via Group Policy
You can only configure group policies if you have Windows XP Professional, so this doesn’t apply to Windows Home versions. The first policy allows a standard user to install any type of driver so you need to have trust that the person you are allowing won’t accidentally install anything malicious.
1. Open the Run dialog and type Gpedit.msc.
2. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Then double click on “Load and unload device drivers” and add a user’s name to the list.
There’s also another option in Local Policies > Security Options called “Devices: Allowed to format and eject removable media” which does what it implies and allows limited users to format and safely eject flash drives.
Double click on the option and select either Power Users or Interactive Users to accompany Administrators from the drop down. This is less of a safety risk than the above option to let others install drivers.
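To confirm who holds the “Load and unload device drivers” right after changing the policy, the local user rights can be exported and checked. This batch file is an added example, not part of the original article; SeLoadDriverPrivilege is the internal name of that right, *S-1-5-32-544 is the built-in Administrators group, and the temporary file name is an arbitrary choice.

```bat
@echo off
rem Added example: audit who holds "Load and unload device drivers".
setlocal
set "CFG=%temp%\user_rights_export.inf"
set "HOLDERS="
if exist "%CFG%" del "%CFG%"

rem Export only the user rights section of the local security policy.
secedit /export /areas USER_RIGHTS /cfg "%CFG%" >nul
if not exist "%CFG%" (
    echo Export failed. Run this from an administrator account.
    exit /b 1
)

rem The export is Unicode, so pass it through "type" before findstr.
for /f "tokens=1,* delims==" %%A in ('type "%CFG%" ^| findstr /i /b "SeLoadDriverPrivilege"') do set "HOLDERS=%%B"
del "%CFG%"

rem Trim the leading space left after the "=" sign.
for /f "tokens=* delims= " %%T in ("%HOLDERS%") do set "HOLDERS=%%T"

if not defined HOLDERS (
    echo No account holds SeLoadDriverPrivilege.
    exit /b 0
)
echo Holders of SeLoadDriverPrivilege: %HOLDERS%
if /i "%HOLDERS%"=="*S-1-5-32-544" (
    echo Only Administrators can load drivers.
) else (
    echo Accounts other than Administrators can load drivers. Review this list.
    exit /b 2
)
```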