Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

AutoPlay and AutoRun Disable

96 views
Skip to first unread message

W

unread,
Oct 12, 2009, 4:28:19 AM10/12/09
to
We want to make sure through Group Policy that whenever a CDROM, USB device.
or SATA hard drive is inserted onto a server, that no program on the device
is ever automatically executed. Which Group Policy and other registry
settings support that goal? We are using Windows XP and Windows 2003 and
Windows 2000.

I find the place under Administrative Settings and System for "Turn AutoPlay
Off" and set that to Enable. Will that turn autoplay off for *any* kind of
device?

Once that setting is set to turn autoplay off, what should be the value in
the corresponding registry setting? I gather the value for turning off
CD-ROM autoplay may be different from the setting for all drives?

I see various references to AutoRun on Google, but it looks extremely
confusing because of all of the minute variations between different versions
of Windows. I would appreciate some guidance about how we should be
setting any related Group Policy or direct registry settings for AutoRun or
other settings as well.

--
W


Florian Frommherz [MVP]

unread,
Oct 12, 2009, 2:04:06 PM10/12/09
to
Howdie!

W schrieb:


> We want to make sure through Group Policy that whenever a CDROM, USB device.
> or SATA hard drive is inserted onto a server, that no program on the device
> is ever automatically executed. Which Group Policy and other registry
> settings support that goal? We are using Windows XP and Windows 2003 and
> Windows 2000.
>
> I find the place under Administrative Settings and System for "Turn AutoPlay
> Off" and set that to Enable. Will that turn autoplay off for *any* kind of
> device?

Yeah, you found the "Turn Off Autoplay" Group Policy alright. From the
Explain tab's text, you can see:

"If you enable this setting, you can disable Autoplay on CD-ROM and
removable media drives, or disable Autoplay on all drives.

This setting disables Autoplay on additional types of drives. You cannot
use this setting to enable Autoplay on drives on which it is disabled by
default." So that's probably the policy you would want to enable.

> Once that setting is set to turn autoplay off, what should be the value in
> the corresponding registry setting? I gather the value for turning off
> CD-ROM autoplay may be different from the setting for all drives?

The value should be 255 if I caught that correct. Changing the setting
to "No CD and removable media" should result in 181 (decimal).

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

PA Bear [MS MVP]

unread,
Oct 12, 2009, 2:44:15 PM10/12/09
to
Post here instead: microsoft.public.windows.server.security

Anteaus

unread,
Oct 13, 2009, 5:56:01 PM10/13/09
to
First, check the implications of this security notice:

http://support.microsoft.com/kb/953252

Then, using regedit's search function, set all of the NoDriveTypeAutoRun
registry values to 0xFF and reboot.

W

unread,
Oct 17, 2009, 1:09:07 AM10/17/09
to
"Florian Frommherz [MVP]" <flo...@frickelsoft.DELETETHIS.net> wrote in
message news:e4xQTa2...@TK2MSFTNGP06.phx.gbl...

> Howdie!
>
> W schrieb:
>> We want to make sure through Group Policy that whenever a CDROM, USB
>> device. or SATA hard drive is inserted onto a server, that no program on
>> the device is ever automatically executed. Which Group Policy and other
>> registry settings support that goal? We are using Windows XP and
>> Windows 2003 and Windows 2000.
>>
>> I find the place under Administrative Settings and System for "Turn
>> AutoPlay Off" and set that to Enable. Will that turn autoplay off for
>> *any* kind of device?
>
> Yeah, you found the "Turn Off Autoplay" Group Policy alright. From the
> Explain tab's text, you can see:
>
> "If you enable this setting, you can disable Autoplay on CD-ROM and
> removable media drives, or disable Autoplay on all drives.
>
> This setting disables Autoplay on additional types of drives. You cannot
> use this setting to enable Autoplay on drives on which it is disabled by
> default." So that's probably the policy you would want to enable.
>
>> Once that setting is set to turn autoplay off, what should be the value
>> in the corresponding registry setting? I gather the value for turning
>> off CD-ROM autoplay may be different from the setting for all drives?
>
> The value should be 255 if I caught that correct. Changing the setting to
> "No CD and removable media" should result in 181 (decimal).

Once you have enabled the Turn Off Autoplay group policy for all drive
types, exactly which registry setting should be getting set to xFF?

I'm guessing it is in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer in the
NoDriveTypeAutoRun setting.

--
W


0 new messages