USB storage devices have been one of the best technology inventions in recent years. These days, it is possible to carry around a flash drive or memory card with hundreds of Gigabytes of capacity in your pocket. Unfortunately, the rise in portable USB drives has made it easier for malicious files to spread from computer to computer. Before opening a USB drive with unverified content, it’s always wise to scan it first for malware to be safe.
Windows has a few hidden away settings that allow a bit more control over access and writing to USB storage devices. For instance, a drive can be write protected meaning no data can be written to it. Normally you would need a small switch on the device itself to do that. You can also deny access to USB drives completely so they don’t show in Windows at all. This could be a useful security measure if you have careless users that constantly insert drives with malicious files.
The related settings are mostly stored in the registry so you have to either use Regedit or a third party utility that can do it for you. Here we show you some ways to write protect or deny access to your USB storage devices.
Note: These settings only affect the local system. While your computer might have the write protect option set, other systems will still have full read and write access. Apart from one solution below, all USB storage devices will be affected with the same setting so you cannot selectively choose which drives have write access and which don’t.
1. USB Disk Manager
USB Disk Manager is a simple multi purpose tool that has three main functions for your USB storage devices. The first is a standard write protect which makes all devices you insert read only. Inserting any drive after this change makes the cut, copy, delete and rename options disappear in the Explorer right click context menu. Also, the Del or Ctrl+X shortcut keys won’t work.
The Execute Deny option is a useful security measure as it stops any executables running from the drive. That’s handy if you have received the drive and are not sure if the contents are safe. The third option disables USB storage devices totally. This means they don’t appear in Windows Explorer and cannot be read from or written to.
The disable autorun in settings might be useful for older systems while applying the settings only for the logged on user means other users can have different USB device configurations. The option to autorun the program from a USB drive is outdated now as operating systems like Windows 7, 8, and 10 have USB autorun fully disabled. USB Disk Manager is portable and only consumes about 1MB of memory running in the background.
2. USB Write Protect
USB Write Protect is very easy to use, portable, and informative enough for users to know what it’s doing. There are three main options but the top option is probably the most useful because it enables write protection on storage devices so they can’t be written to. USB Device Lock will disable the Windows USB storage driver so storage devices are not even recognized by the system,
The last option stops autorun from launching on USB drives although autorun is disabled on Windows 7 and newer systems anyway. At the bottom, you can create a password which is required when opening the user interface to change any settings. This isn’t very secure as the password is stored as plain text in the registry or you can simply use another method here to bypass it.
Note that anyone with User Account Control (UAC) enabled will need to run USB Write Protect as administrator or the options won’t work. Right click the executable > Properties > Compatibility tab > check “Run this program as administrator” and click OK. This will make sure it runs with the correct privileges each time.
3. Phrozen Safe USB
Phrozen Safe USB is quite a basic tool that does the plain and simple task of altering the write protect status of USB storage devices you connect to the system. From the default of full access, you can change the setting to read only which prevents writing to devices. The other option is to disable devices that prevents access to USB storage devices by disabling the USB storage driver.
Select the required option and insert or reinsert a USB drive for the change to take effect. Phrozen Safe USB has a tray icon context menu to quickly switch between the modes if you want to leave it running in the background. There are additional options to disable the USB autoplay dialog, start the tool with Windows, and set up a password when opening the window or changing the access mode. Phrozen Safe USB is also a portable program.
4. URC Access Modes
URC Access Modes is a powerful tool that allows you to enable or disable a number of system settings. Once configured, it is then locked with a password which should be effective against tampering by average users. The tool changes security permissions in the system registry for each setting so you cannot use the other methods here, run .REG files, or edit the registry without knowledge of resetting the permissions.
The two options that we’re interested in are USB Access Mode and the Lock mode for inserted devices. Access Mode is the standard option of allowing USB drives the default full read and write access, making them read only, or making USB drives unavailable to the system. The lock option is like a complete disable, the main difference is after a reboot the devices can be recognized by the system but not opened or accessed.
There’s also options to enable/disable ROM drives, Registry Editor, Group Policy Editor, Task Manager, Command Prompt, and file/folder options. URC Access Modes is a standalone portable executable but make sure you have an archiving program handy as it’s distributed in a RAR archive. The .NET Framework 3.5 is required for Windows 10 users.
There are four more methods to write protect or deny access to USB drives on the next page.