Minkus
Posted October 23, 2008 (edited)

Dear all,

We have been having problems recently with some teachers being given memory sticks by students which are (either inadvertently or deliberately) infected with 'autorun' viruses - i.e. they automatically execute when you plug them in, using the standard Windows autorun.inf file in the root directory.

I wanted to find a way to stop this from happening, so I had a play with Group Policy to see if there was a way to disable Autorun from working on removable drives, but the only option I could find was to either a) disable it on CD drives or b) disable it on all drive types. What I wanted to do was disable it on *just* removable drives, as I didn't want to break the CD/DVD autoplay feature (since CDs and DVDs are generally read-only and therefore viruses are less likely to automatically spread through them, and also teachers use this a lot at our school to show DVDs / play CDs etc).

Anyway, after some investigation, it turns out that the 'NoDriveTypeAutorun' value that Group Policy changes is a little more flexible than the Group Policy Editor might initially suggest, and so I took it upon myself to create a new ADM file for Group Policy which would allow me to disable Autorun on *just* removable drives, or any other reasonable combination of drive types, and I thought I would share it with the rest of you.

Before I share this, I should probably point out the following things:

- There is a small amount of misinformation around on the Internet regarding the NoDriveTypeAutorun setting, so make sure you check the Microsoft website for the 'real deal'. The most useful article I found was here, which describes the numbering system behind the registry key, and also the default values for all the recent Microsoft OSes. It also advocates installing an extra hotfix, 950582, in order to get the NoDriveTypeAutorun key to work properly - however, I have found that it seems to work fine without this.
- The default settings for NoDriveTypeAutorun are different between Windows 2000/2003 and Windows XP/Vista. Windows 2000/2003 (and I think prior versions as well) use a default value of 0x95, which disables unknown, network and removable drives by default, and Windows XP/Vista use a default value of 0x91, which just disables unknown and network drives (but NOT removable). This ADM file sets the XP/Vista setting by default, but if you want to set it to the 2000/2003 default (as I have done on my network), use the 'Removable Drives' option.
- I have created options to disable Autorun on all combinations of fixed, removable and CD drives, but I didn't bother creating new settings for network, unknown or RAM drives, as it seemed that most people wouldn't want to change the behaviour for these drive types. If you do, it shouldn't be too hard to work out how - perhaps you could post your results here.

The ADM file follows. I suggest saving it as 'AdvancedAutorun.adm', and then importing into the Group Policy Editor as usual (right click Administrative Templates, Add/Remove Templates). The new settings will appear under a new folder called 'Advanced Autorun Settings' in the normal place.
```
; Advanced Autorun settings (AdvancedAutorun.adm)
; See http://support.microsoft.com/kb/953252 for details

CLASS MACHINE

CATEGORY !!AdvancedAutorun
    POLICY !!AutorunAdvanced
        KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        PART !!Autorun_Box DROPDOWNLIST REQUIRED
            VALUENAME "NoDriveTypeAutorun"
            ITEMLIST
                NAME !!Autorun_Default VALUE NUMERIC 145 ; 0x91
                NAME !!Autorun_NoRemovable VALUE NUMERIC 149 ; 0x95
                NAME !!Autorun_NoFixed VALUE NUMERIC 153 ; 0x99
                NAME !!Autorun_NoRemovableFixed VALUE NUMERIC 157 ; 0x9D
                NAME !!Autorun_NoCD VALUE NUMERIC 177 ; 0xB1
                NAME !!Autorun_NoRemovableCD VALUE NUMERIC 181 ; 0xB5
                NAME !!Autorun_NoFixedCD VALUE NUMERIC 185 ; 0xB9
                NAME !!Autorun_None VALUE NUMERIC 255 DEFAULT ; 0xFF
            END ITEMLIST
        END PART
        PART !!Autorun_Text1 TEXT
        END PART
        PART !!Autorun_Text2 TEXT
        END PART
    END POLICY
END CATEGORY

CLASS USER

CATEGORY !!AdvancedAutorun
    POLICY !!AutorunAdvanced
        KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        PART !!Autorun_Box DROPDOWNLIST REQUIRED
            VALUENAME "NoDriveTypeAutorun"
            ITEMLIST
                NAME !!Autorun_Default VALUE NUMERIC 145 ; 0x91
                NAME !!Autorun_NoRemovable VALUE NUMERIC 149 ; 0x95
                NAME !!Autorun_NoFixed VALUE NUMERIC 153 ; 0x99
                NAME !!Autorun_NoRemovableFixed VALUE NUMERIC 157 ; 0x9D
                NAME !!Autorun_NoCD VALUE NUMERIC 177 ; 0xB1
                NAME !!Autorun_NoRemovableCD VALUE NUMERIC 181 ; 0xB5
                NAME !!Autorun_NoFixedCD VALUE NUMERIC 185 ; 0xB9
                NAME !!Autorun_None VALUE NUMERIC 255 DEFAULT ; 0xFF
            END ITEMLIST
        END PART
        PART !!Autorun_Text1 TEXT
        END PART
        PART !!Autorun_Text2 TEXT
        END PART
    END POLICY
END CATEGORY

[strings]
AdvancedAutorun="Advanced Autorun Settings"
Autorun_Box="Turn off Autoplay on:"
Autorun_Default="No drives (XP/Vista default)"
Autorun_NoRemovable="Removable drives"
Autorun_NoFixed="Fixed drives"
Autorun_NoRemovableFixed="Removable, Fixed drives"
Autorun_NoCD="CD-ROM drives"
Autorun_NoRemovableCD="CD-ROM, Removable drives"
Autorun_NoFixedCD="CD-ROM, Fixed drives"
Autorun_None="All drives (including RAM drives)"
AutorunAdvanced="Turn off Autoplay (advanced)"
Autorun_Text1="Windows XP and Vista disable Network and Unknown drives by default"
Autorun_Text2="Windows 2000 and Server 2K3 also disable Removable drives by default"
```

Edited October 23, 2008 by Minkus
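
The drive-type bitmask behind the ADM values, as an added example that is not part of the original post: it decodes each NoDriveTypeAutorun value, lists the template items that still leave Autorun on for removable drives, and goes one step beyond the template by composing the removable + fixed + CD-ROM combination it does not offer. The function names are hypothetical, and the bit meanings are assumed from the KB article cited in the ADM header.

```python
# Added example: decode and build NoDriveTypeAutorun bitmasks.
# Bit meanings are assumed from the Microsoft KB article cited in the ADM header.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown-0x80",  # second "unknown type" bit, set in both OS defaults
}

# The eight values offered by the ADM template in the post, by [strings] label.
ADM_ITEMS = {
    "No drives (XP/Vista default)": 145,
    "Removable drives": 149,
    "Fixed drives": 153,
    "Removable, Fixed drives": 157,
    "CD-ROM drives": 177,
    "CD-ROM, Removable drives": 181,
    "CD-ROM, Fixed drives": 185,
    "All drives (including RAM drives)": 255,
}

def disabled_types(value):
    """Drive types on which this value turns Autorun off."""
    if not 0 <= value <= 0xFF:
        raise ValueError("NoDriveTypeAutorun is a one-byte mask")
    return [name for bit, name in DRIVE_BITS.items() if value & bit]

def compose(*types, base=0x91):
    """Start from the XP/Vista default (0x91) and disable extra drive types."""
    lookup = {name: bit for bit, name in DRIVE_BITS.items()}
    value = base
    for drive_type in types:
        value |= lookup[drive_type]  # KeyError on a misspelled type
    return value

def removable_still_enabled(items):
    """Labels whose value leaves Autorun on for removable (USB) drives."""
    return [label for label, value in items.items() if not value & 0x04]

if __name__ == "__main__":
    for label, value in ADM_ITEMS.items():
        print(f"{value:3d} 0x{value:02X} {label}: {', '.join(disabled_types(value))}")
    print("Removable + fixed + CD-ROM:", hex(compose("removable", "fixed", "cdrom")))
```
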