+ Post New Thread
Results 1 to 1 of 1
Windows Thread, Advanced Autorun / Autoplay settings ADM file in Technical; Dear all, We have been having problems recently with some teachers being given memory sticks by students which are (either ...
  1. #1

    Join Date
    Jun 2007
    Location
    Colchester, Essex, UK
    Posts
    56
    Thank Post
    2
    Thanked 16 Times in 14 Posts
    Rep Power
    22

    Lightbulb Advanced Autorun / Autoplay settings ADM file

    Dear all,

    We have been having problems recently with some teachers being given memory sticks by students which are (either inadvertantly or deliberately) infected with 'autorun' viruses - i.e. they automatically execute when you plug them in, using the standard Windows autorun.inf file in the root directory.

    I wanted to find a way to stop this from happening, so I had a play with Group Policy to see if there was a way to disable Autorun from working on removable drives, but the only option I could find was to either a) disable it on CD drives or b) disable it on all drive types. What I wanted to do was disable it on *just* removable drives, as I didn't want to break the CD/DVD autoplay feature (since CDs and DVDs are generally read-only and therefore viruses are less likely to automatically spread through them, and also teachers use this a lot at our school to show DVDs / play CDs etc).

    Anyway, after some investigation, it turns out that the 'NoDriveTypeAutorun' value that Group Policy changes is a little more flexible than the Group Policy Editor might initially suggest, and so I took it upon myself to create a new ADM file for Group Policy which would allow me to disable Autorun on *just* removable drives, or any other reasonable combination of drive types, and I thought I would share it with the rest of you.

    Before I share this, I should probably point out the following things:
    • There is a small amount of misinformation around on the Internet regarding the NoDriveTypeAutorun setting, so make sure you check the Microsoft website for the 'real deal'. The most useful article I found was here, which describes the numbering system behind the registry key, and also the default values for all the recent Microsoft OSes. It also advocates installing an extra hotfix, 950582 in order to get it the NoDriveTypeAutorun key to to work properly - however, I have found that it seems to work fine without this.
    • The default settings for NoDriveTypeAutorun are different between Windows 2000/2003 and Windows XP/Vista. Windows 2000/2003 (and I think prior versions as well) use a default value of 0x95, which disables unknown, network and removable drives by default, and Windows XP/Vista use a default value of 0x91, which just disables unknown and network drives (but NOT removable). This ADM file sets the XP/Vista setting by default, but if you want to set it to the 2000/2003 default (as I have done on my network), use the 'Removable Drives' option.
    • I have created options to disable Autorun on all combinations of fixed, removable and CD drives, but I didn't bother creating new settings for network, unknown or RAM drives, as it seemed that most people wouldn't want to change the behaviour for these drive types. If you do, it shouldn't be too hard to work out how - perhaps you could post your results here


    The ADM file follows. I suggest saving it as 'AdvancedAutorun.adm', and then importing into the Group Policy Editor as usual (right click Administrative Templates, Add/Remove Templates). The new settings will appear under a new folder called 'Advanced Autorun Settings' in the normal place.

    Code:
    ; Advanced Autorun settings (AdvancedAutorun.adm)
    ; See http://support.microsoft.com/kb/953252 for details
    
    CLASS MACHINE
    
    CATEGORY !!AdvancedAutorun
    	POLICY !!AutorunAdvanced
    		KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    
    		PART !!Autorun_Box          DROPDOWNLIST REQUIRED
    			VALUENAME "NoDriveTypeAutorun"
    			ITEMLIST
    				NAME !!Autorun_Default		VALUE NUMERIC 145 ; 0x91
    				NAME !!Autorun_NoRemovable	VALUE NUMERIC 149 ; 0x95
    				NAME !!Autorun_NoFixed		VALUE NUMERIC 153 ; 0x99
    				NAME !!Autorun_NoRemovableFixed	VALUE NUMERIC 157 ; 0x9D
    				NAME !!Autorun_NoCD		VALUE NUMERIC 177 ; 0xB1
    				NAME !!Autorun_NoRemovableCD 	VALUE NUMERIC 181 ; 0xB5
    				NAME !!Autorun_NoFixedCD	VALUE NUMERIC 185 ; 0xB9
    				NAME !!Autorun_None		VALUE NUMERIC 255 DEFAULT ; 0xFF
    			END ITEMLIST
    		END PART
    		PART !!Autorun_Text1	TEXT
    		END PART
    		PART !!Autorun_Text2	TEXT
    		END PART
    	END POLICY
    END CATEGORY
    
    CLASS USER
    
    CATEGORY !!AdvancedAutorun
    	POLICY !!AutorunAdvanced
    		KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    
    		PART !!Autorun_Box          DROPDOWNLIST REQUIRED
    			VALUENAME "NoDriveTypeAutorun"
    			ITEMLIST
    				NAME !!Autorun_Default		VALUE NUMERIC 145 ; 0x91
    				NAME !!Autorun_NoRemovable	VALUE NUMERIC 149 ; 0x95
    				NAME !!Autorun_NoFixed		VALUE NUMERIC 153 ; 0x99
    				NAME !!Autorun_NoRemovableFixed	VALUE NUMERIC 157 ; 0x9D
    				NAME !!Autorun_NoCD		VALUE NUMERIC 177 ; 0xB1
    				NAME !!Autorun_NoRemovableCD 	VALUE NUMERIC 181 ; 0xB5
    				NAME !!Autorun_NoFixedCD	VALUE NUMERIC 185 ; 0xB9
    				NAME !!Autorun_None		VALUE NUMERIC 255 DEFAULT ; 0xFF
    			END ITEMLIST
    		END PART
    		PART !!Autorun_Text1	TEXT
    		END PART
    		PART !!Autorun_Text2	TEXT
    		END PART
    	END POLICY
    END CATEGORY
    
    [strings]
    AdvancedAutorun="Advanced Autorun Settings"
    Autorun_Box="Turn off Autoplay on:"
    Autorun_Default="No drives (XP/Vista default)"
    Autorun_NoRemovable="Removable drives"
    Autorun_NoFixed="Fixed drives"
    Autorun_NoRemovableFixed="Removable, Fixed drives"
    Autorun_NoCD="CD-ROM drives"
    Autorun_NoRemovableCD="CD-ROM, Removable drives"
    Autorun_NoFixedCD="CD-ROM, Fixed drives"
    Autorun_None="All drives (including RAM drives)"
    AutorunAdvanced="Turn off Autoplay (advanced)"
    Autorun_Text1="Windows XP and Vista disable Network and Unknown drives by default"
    Autorun_Text2="Windows 2000 and Server 2K3 also disable Removable drives by default"
    Last edited by Minkus; 23rd October 2008 at 05:13 PM.

  2. 3 Thanks to Minkus:

    dhicks (23rd October 2008), Jobos (25th February 2009), powdarrmonkey (23rd October 2008)



SHARE:
+ Post New Thread

Similar Threads

  1. Empty Camera Autoplay
    By cgiuk in forum Windows
    Replies: 1
    Last Post: 13th October 2008, 10:41 AM
  2. advice on how to create .adm file
    By PEO in forum General Chat
    Replies: 11
    Last Post: 8th May 2008, 03:00 PM
  3. cd autoplay
    By david12345 in forum Windows
    Replies: 2
    Last Post: 16th December 2007, 12:52 AM
  4. IE7 "Advanced" settings tab in GPO
    By rhyds in forum Windows
    Replies: 2
    Last Post: 15th October 2007, 12:54 PM
  5. Advanced file permissions in XP Home
    By crc-ict in forum Windows
    Replies: 2
    Last Post: 7th December 2006, 09:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •