PDA

View Full Version : USB Write Protection with NTFS!!!


crazy420rc
05-23-2009, 04:33 AM
ok, here's a trick that doesn't seem to be on the web anywhere (as far as i've seen). I've been getting a lot of infections on my usb thumb drive through clients computers during the cleanup process...frustrating!!!!

Make sure you know what you are doing before attempting this!!! Make a backup of drive as this process requires formatting the thumb drive.

Here's a way to make your USB thumb drive Read Only through NTFS Permissions on all computers the drive is connected to except for computers you specify.

In brief, backup thumb drive, format NTFS, remove all users and groups except for everyone (set this group to read/execute only permissions), and your local machine's username (set to full control). If done properly, You can add permissions for any user you wish just by adding their name to the list and giving them access. So after setting this up, you can use your "bench" computer to modify files on thumb drive, but once you stick it in a client's computer, the computer will have read only access.

More detailed instructions
1) Backup all contents of thumb drive.
2) Go into device manager, find your thumb drive under Disk Drives category, right click USB drive and click properties. Click on the Policies tab and make sure "optimize for performance" is checked. Click ok and exit out of device manager
3) Now go to My Computer(XP), or "Computer"(Vista) and right click thumb drive and format. Format drive as NTFS.
4) After drive is formatted, right click the thumb drive and go to properties. Click on the "Security" tab (If the "Security" tab is not showing up, you might need to disable simple file sharing (XP Pro). If using Windows XP home, you will need to do this procedure in safe mode. By default,windows "normal" mode does not support changing NTFS permissions for XP Home build.
5) Remove all Groups and users except for "everyone" and set the permissions to read/execute only, click apply. Now add your current windows username also (your logged on profile name) and make the permissions "full control".

If you have any questions regarding this procedure, feel free to ask

Was trying to figure out a way to create a script or even batch file using cacls.exe to change user permissions on thumb drive, but i don't have that much experience with cacls. If anyone has an idea on how to make this into an actual executable such as an autoit script, go for it.

Bryce W
05-23-2009, 06:44 AM
I dont see how this could help. It seems this would only apply to YOUR computer and not the clients. You writing to your own USB drive from your own computer isnt the problem. Its clients infected computers writing to your USB drive, which this wont apply to.

crazy420rc
05-23-2009, 01:13 PM
What this does:
Makes your computer have full access to change/delete/add files "full control" but if you stick the drive into a client's computer, it will have "Read/Execute" only, so you can still use the tools you have added, but if you try to change contents of the drive it will say access denied. Every client computer has the "everyone" group, so u just set the "everyone" access to read/execute only.

If you think this post is useless, feel free to delete, as it's not an actual tool

Emockler
05-23-2009, 03:08 PM
What I use rather than a thumb drive is an SD reader, with a collection of SD cards for different purposes, (some boot, one has ESXi, linux utils, etc).

Then I can use the write protect switch on the card if I suspect my removable storage is in danger.

The above will work, but what if you need to copy something to your drive, modify a script or whatever. Then you have to undo the above, or fire up your laptop. A switch is so much easier.

14049752
05-23-2009, 03:24 PM
I dont see how this could help. It seems this would only apply to YOUR computer and not the clients.

It would help out on any computer. NTFS stores the read/write permissions in the filesystem.

The problem I have with it is, ntfs permissions can be ignored. I'm not saying it's a bad idea....but: Tips like this and that Panda USB Immunizer thing are just falsely promising to write protect flash drives. I'm positive that there will be a virus soon enough that exploits this, and even uses these techniques against us.

I'll stick with using a hardware switch to write protect.

Jm Boyd
05-23-2009, 08:44 PM
This does the same with a bit less hassle... http://www.sizzledcore.com/2008/07/19/how-to-write-protect-your-usb-flash-drive/

But, I must agree that a hardware switch is the absolute best solution.

TimeCode
05-24-2009, 03:49 AM
But, I must agree that a hardware switch is the absolute best solution.

http://www.kanguru.com/defender.html

Jamb027
06-30-2009, 10:47 AM
The Kanguru FlashBlue2 looks to be a good product and a reasonable price. It has a write-protect switch.

http://www.kanguru.com/flashblu2.html

The trouble is, ff you want to purchase any items and have them shipped outside of the US you have to wire them the money before they will supply, you can't pay by card.

Jamb027
06-30-2009, 11:56 AM
I finally found a suitable product, see link below:
http://www.cclonline.com/product-info.asp?product_id=27212&tid=gsearch

Ok for UK based people but maybe not for other countries. They use the term "Write lock" instead of "Write protect". What a pain to find a suitable product. I just phone Kingston and they said that they have stopped doing the write protect switch from their USB flash drives.

BryanVest
06-30-2009, 03:20 PM
I got a 4gb with a write protect swtich for $10.99.
http://www.newegg.com/Product/Product.aspx?Item=N82E16820183232&Tpk=ridata%20slider

I also got the 8gb which is $19.99 :)

studiot
06-30-2009, 05:26 PM
What I use rather than a thumb drive is an SD reader, with a collection of SD cards for different purposes, (some boot, one has ESXi, linux utils, etc).

Then I can use the write protect switch on the card if I suspect my removable storage is in danger.

What a good idea.

Thanks buddy.

MikeRepairs
06-30-2009, 10:23 PM
I have a couple of these, it has write lock switch.
pqi U339H 4GB Black Flash Drive (USB2.0 Portable) Model BB18-403AR0151
http://www.newegg.com/Product/Product.aspx?Item=N82E16820141485

They have an 8 meg model also.

Jamb027
07-14-2009, 08:32 AM
The only problem I am having is that when I start the "Pstart" menu from the computer repair kit, i receive the following message:

"The disk can not be written to because it is write protected"

Even if I click cancel, it will not function.

Does anybody know how overcome this?