|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#1
November 9th 09, 03:50 PM
posted to microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin
|
|||
|
|||
Disabling Autorun
Hi folks....I've been reading about Autorun as a security threat and decided
to try to disable it. I'm running XP Pro SP3 fully patched, including KB967715. Many of the web discussions on the problem indicate that one should use GPEDIT to change the Local Policy, When I open GPEDIT / Computer Configuration / Administrative Templates, the only entry I see there is Windows Components. Where am I going wrong??? My goal is to disable autorun on CD's. DVD's, USB and other memory cards, external drives, floppy drives and zip drives. When/If successful here I also have a XP Home PC which I want to fix to be the same. Thanks in advance for your help.....RDK 
|
| Ads |
|
#2
November 9th 09, 04:34 PM
posted to microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Disabling Autorun
On Nov 9, 10:50*am, "RDK" wrote:
Hi folks....I've been reading about Autorun as a security threat and decided to try to disable it. *I'm running XP Pro SP3 fully patched, including KB967715. Many of the web discussions on the problem indicate that one should use GPEDIT to change the Local Policy, *When I open GPEDIT / Computer Configuration / Administrative Templates, the only entry I see there is Windows Components. Where am I going wrong??? My goal is to disable autorun on CD's. DVD's, USB and other memory cards, external drives, floppy drives and zip drives. *When/If successful here I also have a XP Home PC which I want to fix to be the same. Thanks in advance for your help.....RDK For your GPEdit issue, it sounds like you have missing templates but they are easy to install. In GPEdit, right click Administrative Templates, Add/Remove Templates. Usually, you would see: conf inetres system wmplayer wuau Click Add and it will open a folder where you can Add the missing components to match the usually in there list, or to match the list on some system that is working properly. Reboot to make sure the changes stick. Each component has a story you can Google for more information. Here is a good place to start: http://support.microsoft.com/default...b;en-us;816662 Group Policy Editor is not available in XP Home, but if you can launch it, that must not be you. For your AutoPlay thing, you may want to investigate the popular free Tweak UI program. Some things are easier to understand and accomplish with Tweak UI and you can uninstall it if you don't like it. You may like it. Get it he http://www.microsoft.com/windowsxp/D...powertoys.mspx It will give you some friendlier ways to do things (like disable AutoPlay for drives) and will work with all versions of XP.
|
|
#3
November 9th 09, 08:39 PM
posted to microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Disabling Autorun
"RDK" wrote in
: Hi folks....I've been reading about Autorun as a security threat and decided to try to disable it. I'm running XP Pro SP3 fully patched, including KB967715. Many of the web discussions on the problem indicate that one should use GPEDIT to change the Local Policy, When I open GPEDIT / Computer Configuration / Administrative Templates, the only entry I see there is Windows Components. Where am I going wrong??? Right-click on "Administrative Templates", then "Add/Remove Templates". My goal is to disable autorun on CD's. DVD's, USB and other memory cards, external drives, floppy drives and zip drives. When/If successful here I also have a XP Home PC which I want to fix to be the same. Thanks in advance for your help.....RDK "How to disable the Autorun functionality in Windows" http://support.microsoft.com/kb/967715 HTH, John
|
|
#4
November 9th 09, 09:30 PM
posted to microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Disabling Autorun
RDK wrote:
Hi folks....I've been reading about Autorun as a security threat and decided to try to disable it. I'm running XP Pro SP3 fully patched, including KB967715. Many of the web discussions on the problem indicate that one should use GPEDIT to change the Local Policy, When I open GPEDIT / Computer Configuration / Administrative Templates, the only entry I see there is Windows Components. Where am I going wrong??? My goal is to disable autorun on CD's. DVD's, USB and other memory cards, external drives, floppy drives and zip drives. When/If successful here I also have a XP Home PC which I want to fix to be the same. Thanks in advance for your help.....RDK Get Microsoft's TweakUI powertoy and use it to disable autorun. In TweakUI, go to the following tree node: My Computer |___ AutoPlay |___ Types Although it says it is an auto-play option (which is used to determine what handler gets used for what content on a CD/DVD drive), the Types settings modify the following auto-run registry key: Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer Item: NoDriveTypeAutoRun Since that is under the HKEY_CURRENT_USER hive, changes the settings are effected only under your account. You would have to logon under each account to use TweakUI (or gpedit) to change the setting under each account, or edit the HKEY_USERS hive to make changes on all accounts without having to log into each account. If you want to use the group policy editor (gpedit.msc) then go to its following tree node: Local Computer Policy |___ Computer Configuration |___ Administrative Templates |___ System You can disable auto-play (aka auto-run) there. You'll probably want to disable it on all drives. Gpedit lets you disable/enable auto-play on all drives or just on CD/DVD drives. Selecting all drives results in using a hex value of FF in the NoDriveTypeAutoRun registry item. TweakUI doesn't let you disable auto-play on all drives (because the setting is rather meaningless) and instead offers to disable/enable auto-play on CD/DVD drives or removable drives (e.g., USB thumb drives) or both. That results in setting NoDriveTypeAutoRun to B5 hex. This registry value is a bit mask. Convert the hex value to binary and each 1 in that value represents where auto-play is disabled (you are enabling the disable). http://support.microsoft.com/kb/967715 for info on what each bit means in the mask. TweakUI: Turn off auto-play on CD/DVD drives and removable drives Value: B5 hex = 1011 0101 binary Disables: bit 0 = drives of unknown type 2 = removable drives 4 = network drives 5 = CD-ROM drives 7 = reserved gpedit: Turn off auto-play on all drives Value: FF hex = 1111 1111 binary bit 0 = drives of unknown type 1 = (reserved) 2 = removable drives 3 = fixed drives 4 = network drives 5 = CD-ROM drives 6 = RAM disks 7 = (reserved) I don't see when auto-play would be applicable to fixed or RAM disks so the settings used by TweakUI are sufficient. gpedit just disables (sets the disable) all of them when you select all drives. As to you not seeing the System subnode in gpedit's tree, are you logged under an administrator account when you use gpedit? Are you logged under a local admin account or under a domain account (in which you've been granted some admin rights on your host)?
|
|
#5
November 9th 09, 09:55 PM
posted to microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Disabling Autorun
VanguardLH wrote:
RDK wrote: Hi folks....I've been reading about Autorun as a security threat and decided to try to disable it. I'm running XP Pro SP3 fully patched, including KB967715. Many of the web discussions on the problem indicate that one should use GPEDIT to change the Local Policy, When I open GPEDIT / Computer Configuration / Administrative Templates, the only entry I see there is Windows Components. Where am I going wrong??? My goal is to disable autorun on CD's. DVD's, USB and other memory cards, external drives, floppy drives and zip drives. When/If successful here I also have a XP Home PC which I want to fix to be the same. Thanks in advance for your help.....RDK Get Microsoft's TweakUI powertoy and use it to disable autorun. In TweakUI, go to the following tree node: My Computer |___ AutoPlay |___ Types Although it says it is an auto-play option (which is used to determine what handler gets used for what content on a CD/DVD drive), the Types settings modify the following auto-run registry key: Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer Item: NoDriveTypeAutoRun Since that is under the HKEY_CURRENT_USER hive, changes the settings are effected only under your account. You would have to logon under each account to use TweakUI (or gpedit) to change the setting under each account, or edit the HKEY_USERS hive to make changes on all accounts without having to log into each account. If you want to use the group policy editor (gpedit.msc) then go to its following tree node: Local Computer Policy |___ Computer Configuration |___ Administrative Templates |___ System You can disable auto-play (aka auto-run) there. You'll probably want to disable it on all drives. Gpedit lets you disable/enable auto-play on all drives or just on CD/DVD drives. Selecting all drives results in using a hex value of FF in the NoDriveTypeAutoRun registry item. TweakUI doesn't let you disable auto-play on all drives (because the setting is rather meaningless) and instead offers to disable/enable auto-play on CD/DVD drives or removable drives (e.g., USB thumb drives) or both. That results in setting NoDriveTypeAutoRun to B5 hex. This registry value is a bit mask. Convert the hex value to binary and each 1 in that value represents where auto-play is disabled (you are enabling the disable). http://support.microsoft.com/kb/967715 for info on what each bit means in the mask. TweakUI: Turn off auto-play on CD/DVD drives and removable drives Value: B5 hex = 1011 0101 binary Disables: bit 0 = drives of unknown type 2 = removable drives 4 = network drives 5 = CD-ROM drives 7 = reserved gpedit: Turn off auto-play on all drives Value: FF hex = 1111 1111 binary bit 0 = drives of unknown type 1 = (reserved) 2 = removable drives 3 = fixed drives 4 = network drives 5 = CD-ROM drives 6 = RAM disks 7 = (reserved) I don't see when auto-play would be applicable to fixed or RAM disks so the settings used by TweakUI are sufficient. gpedit just disables (sets the disable) all of them when you select all drives. As to you not seeing the System subnode in gpedit's tree, are you logged under an administrator account when you use gpedit? Are you logged under a local admin account or under a domain account (in which you've been granted some admin rights on your host)? Oops, a correction. TweakUI changes the following per-account registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer Item: NoDriveTypeAutoRun However, gpedit modifies the following local machine (global) registry key: Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer Item: NoDriveTypeAutoRun TweakUI only changes auto-play/run for your account under which you are logged under. gpedit changes it on the machine. The machine settings override the per-account settings. So you could use TweakUI to enable auto-play under your account but if gpedit disabled auto-play on your machine then they remain disabled under your account.
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
