USB Write Protect Problem

Son_of_Belial

Hey guys - I'm wondering if any of you who are more technically minded than I can help me out with a problem...

My work computer (to which I do not have Administrative Access :mad:) has writeprotect on USB devices enabled. I went into the Registry and found the following:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies

The offending DWORD was there: WriteProtect with it's Value set to 1. So I tried to set it to 0 so I can use my thumb drive as I want to but then I got the following pop-up:



Anyway, now I'm stumped. Is there anything else I can do to workaround this and write to my thumb drive?

chebe

Okay, firstly messing with the security of your work machine could get you in a lot of trouble. I don't advise it. If you were doing this at home and you have a cd-drive, then I'd say perhaps you could run a linux live cd, mount the hard drive, and edit the registry that way. There's a lot that could go wrong though.

Son_of_Belial

I did part of what you suggest - I downloaded an ISO of a program called PCloginnow 2.0, disconnected the Ethernet cable so my machine was off the network and familiarised myself with the CD. I can't go near the network Admin account (even if I wanted to which I don't) and not even my own account which I knew was networked anyway, but I did discover that I can tinker around with the inbuilt "Administrator" and even the manufacturer Admin account on the machine. My MO if I was actually going to do this would be to a) disconnect the Ethernet cable b) boot from my little Linux CD c) blank the Administrator account password, and use that to log on to the machine only after restart so I could make the changes. I don't know if the registry will snap back to the networked registry settings and undo my work once I reconnect the Ethernet cable, which I suspect might happen. Consequences of discovery aside, and something doesn't divide by Zero, what do y'all think the outcome might be?

chebe

Think about it for a second. The drive is mounting read-only, no writes allowed. This implies the company is worried about data/document theft or leakage. Which means, if they're smart, what you're attempting to do is exactly what they've tailored their security to prevent. Doing this may trigger some sort of auto detection.

Discovery aside, you won't be able to cover all your tracks. Windows records everything, often in multiple places, it would take an expert to track them all down. Most usb drives have unique IDs, copies, links, recent docs, all will be recorded. It would be grounds for firing if not legal action.

Otherwise, I'm not familiar with Windows in networked environments, I suspect everything will be reverted once you plug back in, only way to know for sure is to replicate the environment elsewhere (I'd go for VMs), and then diff the machines after each action. But that seems unfeasible in this situation.

Son_of_Belial

Hmm hardly seems worth the hassle

chebe

A few security people have said to me; you don't need to perfectly protect a system/property, just make the hassle greater than the gain, they'll move on to weaker targets.