I'm trying to install a service on a Windows Server 2003 machine which is supposed to listen on port 80 but it fails to start because some other service is already listening on that port. So far I've disabled the IIS Admin service and the HTTP SSL service but no luck.
In W2K3, the kernel-mode driver HTTP.SYS listens for incoming HTTP and HTTPS connection attempts. You can configure the binding behaviour with the httpcfg.exe set iplisten -i x.x.x.x:y command. Have a look at some usage examples and the syntax and you'll figure it out.
The IIS Admin service wouldn't be installed if the World Wide Web Publishing service wasn't also installed, so that's my guess as to what's listening on port 80. Have you checked to see if the World Wide Web Publishing service is running? You'll probably find that it is. You'll need to stop it or configure the default web site (and any other web site) to listen on a port other than 80.
WannaCry, also known as Wanna Decryptor ransomware, has run amok on computers all over the world since the afternoon of May 12, 2017. Important files and documents are encrypted, and victims are blackmailed for $300 to $600 worth of Bitcoin virtual currency. So far, no effective decryption method has been found. Rather than helplessly waiting for a cure, there are some things we can do to prevent infection and make things better.
It is said that the WannaCry virus infects hard drives via TCP port 445, which is opened by the system during installation, as does the Petya variant virus. The following details how to block port 445 in Windows 7, 10, and XP in easy and simple ways. But before that, you may want to know what TCP port 445 is used for, and likewise port 139.
Port 445 and port 139 are Windows ports. Port 139 is used for Network Basic Input Output System (NetBIOS) name resolution and port 445 is used for Server Message Block (SMB). Both serve Windows File and Printer Sharing.
In Windows 2000, Microsoft created a new transport for SMB over TCP and UDP on port 445, which replaces the older implementation that ran over ports 137, 138 and 139. Keeping port 445 and port 139 open leaves the hard disks exposed on these ports, i.e. you share your hard drives with anyone who can reach them, which allows deleting files, formatting, implanting a virus and so on.
You may understand port 445 in this way. If you close port 445, you will not be able to copy any file system data to or from the path where port 445 is closed. In terms of domain host, this will definitely break group policy. You will lose browsing capabilities to networks past the intranet network as well.
Actually, there is another method to stop port 445 with the help of Windows Firewall. It is just done in another manner. For those who are used to command line operations, method 2 would be their favorite.
Modifying the system registry can also help you protect yourself from WannaCry ransomware. However, you cannot be too careful when modifying the registry. It is a database for Windows system programs and installed applications. These programs might not be able to run well if you delete any important entry by accident. Please back up the registry first just in case.
This method is effective and applies to almost every computer user. If you just follow the steps strictly, no mistakes will be made. Please note that you need to disable the Windows Server service to strengthen the protection against the WannaCry cyber attack.
*If you want to enable or open port 445 in Windows 7 in the future, just delete the newly created rule in Windows Firewall, or change the value data from 0 to 1, or just delete the value in Registry Editor, or switch Disabled to Automatic in Server Properties.
Also, besides data, you still need to protect other important things on your PC, such as the system, disks or partitions. That way you won't be put in danger. If you still haven't done so, download this free backup software - AOMEI Backupper to have a try!
You can back up any items you want, and enable its Schedule Backup to continuously protect your system and data. To avoid filling the backup disk, you can enable High compression level, Incremental and Differential Backup, or Backup Scheme according to your situation. Differential Backup and Backup Scheme are available on the professional version or higher.
Welcome to HP Support Forums. I came across your post and understand that you have an HP LaserJet Pro M1536dnf Multifunction Printer and would like to know how to disable the 9100 port on your printer. I read that such option is not available in web services and by doing telnet. I appreciate the steps you have performed and have certainly done a good job.
I am trying to get COM port redirection disabled in WVD and it doesn't seem to work. The RDP property in a typical connection file (redirectcomports:i:0) doesn't seem to work and is not valid if I try to put that on the host pool properties. I also tried a GPO to disable COM ports and that also didn't work.
@kknox46 What GPO did you set? You should be able to disable com ports with the Do not allow COM port redirection policy under Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Device and Resource Redirection.
Let's say my PC & server is in an environment where a theoretical attacker has physical access to the machine while I'm not there. Now the data is encrypted on the hard drive with TrueCrypt. However, if I'm not there I usually don't bother dismounting the encrypted containers as it's time consuming to enter the long password to remount them each time. So the data is readable if you have access to the machine and know the password to log in. Now I assume the data must also be readable if I'm not logged in either, as they could plug a device into one of the USB ports and copy the unencrypted data on the hard drive partitions that are mounted.
My plan is to stop a casual attacker, e.g. flatmate, colleague etc plugging in and copying data from the hard drive. Obviously it's less likely they're going to open up the case and hot plug in something into the PCI bus to do it. Also it's unlikely they will walk off with the PC to do a thorough job of it.
How do I disable unused USB ports etc when the computer is in 'locked' mode so that they can't just plug in and copy data from the hard drive? Any other precautions that I could take?
You can modify this to totally disable the usb stack - you'll need to modprobe -r on ohci, xhci and ehci and any other prefixes to hci you can find. In my kernel, these are baked into the core binary, so there is nothing I can do to remove them from the kernel.
As to whether this can be done on Windows - from looking, not so easily. You can disable USB storage classes using something akin to this method - and you can definitely lock the screen from a script using Rundll32.exe User32.dll,LockWorkStation. However, I suspect a dedicated solution for this would be best.
On the likelihood of USB cloning devices actually working - well the USB spec simply defines a bus. At the host end, you need device drivers capable of communicating with the device for it to work. These exist for mass storage devices, obviously, however, in order to automatically install drivers you need Windows - Linux has no such autorun capability (that I know of). However, Windows does. In which case, a simple solution would be:
Under these circumstances, there would be no way for an inserted USB device to actually initiate a copy of your disk assuming no bugs in the USB device drivers that could be exploited for this purpose (very, very unlikely).
(Not that I'm paranoid, but I tend to run systems I care about with device driver installation blocked anyway, just for good measure. Also, UAC these days, along with driver signing if you're using x64 Windows, should prompt before installing a driver, so you should be good. But just in case...)
In the specific scenario you outline, then to block it, just turn off auto-run. It should already be off in Windows if you've got it patched properly; in Linux how to turn it off (or even if it's on) depends on Distro, Desktop Environment, etc.
However, please do note that the specific scenario you outline does not make sense. If the attacker is serious enough to build a custom USB stick to do this, then they are not going to be so casual that they give up when it doesn't work, and will try something else. Boot from a LiveCD, copy your TrueCrypt volumes, install a keylogger, and wait to get the password in the mail, for example. Law 3: it's their computer now.
If you're using some sort of endpoint protection, they may have the ability to disable USB flash drives. I know the Symantec Endpoint Protection has the ability to disable USB flash while allowing other USB devices.
You can write a PowerShell script for the lock and unlock screen event to disable the installation of new USB devices. Your script must change the local GPO settings at every lock and unlock of your screen.
Hello... I am using a Windows Server 2008R2 as a web server. We were contacted by our security people that I need to close Port 445. Port 445 has been tied to RansomWare attacks. I used the firewall in the server to create a block for port 445. But when I use the "netstat -na" command, port 445 is still open. And the security people also confirmed port 445 is still open. There was another method to close port 445 by using regedit to disable features within the server. I am not sure if the regedit method will affect the active server. Obviously I do not want to disturb the active web server. Anyway, is the regedit method a viable solution or is there another way to block port 445 from being open? Thank you in advance for your help.
I am running across a number of vulnerability assessment findings regarding sslv2 being accepted on my SPLUNK Universal forwarder clients. I am using the Universal Forwarder to send data from my Windows and Linux machines to my indexer. I don't need it to listen on any port, that I know of.