I've pretty much disabled this thing, but on occasion I slip up and forget,
such as when I plug in a new USB device. As soon as that happens, a screen
pops up and it starts copying files somewhere (who knows where), so I
immediately hit the Cancel key to stop it. And then it stops, naturally.
Who knows if it actually copied any files, and if so, where they were copied
to.

And then I go through and customize it to TAKE NO ACTION (which I think
should be the *default action* for any new devices being plugged in).

Anyway, my question is, where was it trying to copy these files to? And
could it have if I hit the cancel button in time (like two seconds later)?
Hopefully it didn't copy anything, or even possibly overwrite any files I
had on the HD with the same filename.

"Bill in Co." <(E-Mail Removed)> wrote:

>Anyway, my question is, where was it trying to copy these files to? And
>could it have if I hit the cancel button in time (like two seconds later)?
>Hopefully it didn't copy anything, or even possibly overwrite any files I
>had on the HD with the same filename.

What kind of files are on the flash drive?

Some programs that are installed with digital camera installations
are/can be set to automatically copy graphic images to a particular
directory when a device with them is connected.

"Bill in Co." wrote in message
news:uR$(E-Mail Removed)...
> I've pretty much disabled this thing, but on occasion I slip up and
> forget, such as when I plug in a new USB device. As soon as that
> happens, a screen pops up and it starts copying files somewhere (who
> knows where), so I immediately hit the Cancel key to stop it. And
> then it stops, naturally. Who knows if it actually copied any files,
> and if so, where they were copied to.
>
> And then I go through and customize it to TAKE NO ACTION (which I
> think should be the *default action* for any new devices being
> plugged in).
>
> Anyway, my question is, where was it trying to copy these files to?
> And could it have if I hit the cancel button in time (like two
> seconds later)? Hopefully it didn't copy anything, or even possibly
> overwrite any files I had on the HD with the same filename.

Microsoft's KB article 136214

It shows the meaning of the bits in the NoDriveTypeAutoRun registry
key. The default values are 0x91 (1001001) and 0x95 (10010101) See:

Microsoft's KB article 895108

which says:

Microsoft Windows Server 2003 0x95
Microsoft Windows XP 0x91
Microsoft Windows 2000 0x95

In Windows XP, the bit to disable removable volumes is not set (to be
disabled). You might want to change the value to 0x95. This sets the
removable volume bit to 1 (which disables those devices from
auto-running). I would think this would include other removable drive
types, like USB drives. You could also use the TweakUI powertoy to
check which drives have autoplay enabled for them (under My
Computer -> AutoPlay -> Types, disable for removable drives).
However, the per-user registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

holds cached information about every removable device, like a memory
stick, that Windows has seen before, and that key overrides the
NoDriveTypeAutoRun setting. So if you insert a removable volume that
Windows already knows about, the cached value gets used instead of the
NoDriveTypeAutoRun setting. The class IDs or drive letters under the
MountPoints2 key will have an autorun or autoplay subkey.
MountPoints2 is a dynamic system registry key that does not permit
users to write to it, even admins, as it is only accessed by the
system account to update the cached information. While you cannot
edit the subkeys and their values, you can delete this registry key to
get it recompiled as you use Windows thereafter. As with anything for
the registry, save a backup .reg file of the folder or key that you
intend to modify or delete. Under that registry folder is the
subfolder of:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume

Go read
http://help.wugnet.com/windows/Micro...ict540563.html
for some info on how that key is used. However, by deleting the
parent MountPoints2 folder, you get rid of the unique IDs for each
removable device that has been installed before and whether they use
AutoRun/AutoPlay. Note that there are multiple MountPoints2 keys in
the registry (some being duplicates of each because there are really
only 2 real hives in the registry and the other pseudo-hives are
collations of those two real hives).

As to where the files got copied, you will have to look at the
autorun.inf file to see what program got called. If it was a batch
(script) file, you could go read the script. If it is a program, you
won't know unless you monitor the file copying while it occurs, like
using FileMon from SysInternals (which Microsoft bought).

Read
http://blogs.technet.com/steriley/ar...n-autorun.aspx.
See the linked article titled "Autorun: good for you?". You might
just want to disable auto-play on all drives.

"VanguardLH" <(E-Mail Removed)> wrote:

>Microsoft's KB article 136214
>
>It shows the meaning of the bits in the NoDriveTypeAutoRun registry
>key. The default values are 0x91 (1001001) and 0x95 (10010101) See:
>
>Microsoft's KB article 895108

[snip of some apparently really good stuff]

THAT should keep our under-the-hood boy busy for a day or two 8-D

PD43 wrote:
> "Bill in Co." <(E-Mail Removed)> wrote:
>
>> Anyway, my question is, where was it trying to copy these files to?
>> And
>> could it have if I hit the cancel button in time (like two seconds
>> later)?
>> Hopefully it didn't copy anything, or even possibly overwrite any files I
>> had on the HD with the same filename.
>
> What kind of files are on the flash drive?
>
> Some programs that are installed with digital camera installations
> are/can be set to automatically copy graphic images to a particular
> directory when a device with them is connected.

It wasn't a flash drive, it was a USB external hard drive enclosure, full of
about every type of file imaginable. So as soon as I connected it, that
weird file copying process automatically started (you know, the one where
you see this animated picture of a bunch of moving folders going across the
screen). Did I ask for that? Nooooo.

(Now who wrote that brilliant piece of code? Nevermind Yet another XP
great moment, going down in history :-)

Thanks, and I will investigate this further. :-)

VanguardLH wrote:
> "Bill in Co." wrote in message
> news:uR$(E-Mail Removed)...
>> I've pretty much disabled this thing, but on occasion I slip up and
>> forget, such as when I plug in a new USB device. As soon as that
>> happens, a screen pops up and it starts copying files somewhere (who
>> knows where), so I immediately hit the Cancel key to stop it. And
>> then it stops, naturally. Who knows if it actually copied any files,
>> and if so, where they were copied to.
>>
>> And then I go through and customize it to TAKE NO ACTION (which I
>> think should be the *default action* for any new devices being
>> plugged in).
>>
>> Anyway, my question is, where was it trying to copy these files to?
>> And could it have if I hit the cancel button in time (like two
>> seconds later)? Hopefully it didn't copy anything, or even possibly
>> overwrite any files I had on the HD with the same filename.
>
> Microsoft's KB article 136214
>
> It shows the meaning of the bits in the NoDriveTypeAutoRun registry
> key. The default values are 0x91 (1001001) and 0x95 (10010101) See:
>
> Microsoft's KB article 895108
>
> which says:
>
> Microsoft Windows Server 2003 0x95
> Microsoft Windows XP 0x91
> Microsoft Windows 2000 0x95
>
> In Windows XP, the bit to disable removable volumes is not set (to be
> disabled). You might want to change the value to 0x95. This sets the
> removable volume bit to 1 (which disables those devices from
> auto-running). I would think this would include other removable drive
> types, like USB drives. You could also use the TweakUI powertoy to
> check which drives have autoplay enabled for them (under My
> Computer -> AutoPlay -> Types, disable for removable drives).
> However, the per-user registry key:
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
>
> holds cached information about every removable device, like a memory
> stick, that Windows has seen before, and that key overrides the
> NoDriveTypeAutoRun setting. So if you insert a removable volume that
> Windows already knows about, the cached value gets used instead of the
> NoDriveTypeAutoRun setting. The class IDs or drive letters under the
> MountPoints2 key will have an autorun or autoplay subkey.
> MountPoints2 is a dynamic system registry key that does not permit
> users to write to it, even admins, as it is only accessed by the
> system account to update the cached information. While you cannot
> edit the subkeys and their values, you can delete this registry key to
> get it recompiled as you use Windows thereafter. As with anything for
> the registry, save a backup .reg file of the folder or key that you
> intend to modify or delete. Under that registry folder is the
> subfolder of:
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
>
> Go read
> http://help.wugnet.com/windows/Micro...ict540563.html
> for some info on how that key is used. However, by deleting the
> parent MountPoints2 folder, you get rid of the unique IDs for each
> removable device that has been installed before and whether they use
> AutoRun/AutoPlay. Note that there are multiple MountPoints2 keys in
> the registry (some being duplicates of each because there are really
> only 2 real hives in the registry and the other pseudo-hives are
> collations of those two real hives).
>
> As to where the files got copied, you will have to look at the
> autorun.inf file to see what program got called. If it was a batch
> (script) file, you could go read the script. If it is a program, you
> won't know unless you monitor the file copying while it occurs, like
> using FileMon from SysInternals (which Microsoft bought).
>
> Read
> http://blogs.technet.com/steriley/ar...n-autorun.aspx.
> See the linked article titled "Autorun: good for you?". You might
> just want to disable auto-play on all drives.

VanguardLH wrote:
>> Anyway, my question is, where was it trying to copy these files to?
>> And could it have if I hit the cancel button in time (like two seconds
>> later)? Hopefully it didn't copy anything, or even possibly overwrite
>> any files I had on the HD with the same filename.
>
> Microsoft's KB article 136214
>
> It shows the meaning of the bits in the NoDriveTypeAutoRun registry
> key. The default values are 0x91 (1001001) and 0x95 (10010101) See:
>
> Microsoft's KB article 895108
>
> which says:
>
> Microsoft Windows Server 2003 0x95
> Microsoft Windows XP 0x91
> Microsoft Windows 2000 0x95
>
> In Windows XP, the bit to disable removable volumes is not set (to be
> disabled). You might want to change the value to 0x95. This sets the
> removable volume bit to 1 (which disables those devices from
> auto-running). I would think this would include other removable drive
> types, like USB drives. You could also use the TweakUI powertoy to
> check which drives have autoplay enabled for them (under My Computer ->
> AutoPlay -> Types, disable for removable drives).

TweakUI ignores the default values, so once used, AutoRun
is enabled then for network and both types of 'unknown'
drives.
I've made a tool which hopefully sets the bit correctely
for the current user and for local machine:
http://www.uwe-sieber.de/files/autorunsettings.zip


> However, the per-user registry key:
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
>
> holds cached information about every removable device, like a memory
> stick, that Windows has seen before, and that key overrides the
> NoDriveTypeAutoRun setting.

That's new to me, thanks for the information. Do you know if it
overrides NoDriveTypeAutoRun set under HKEY_LOCAL_MACHINE too?



Uwe

"Uwe Sieber" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> VanguardLH wrote:
>>> Anyway, my question is, where was it trying to copy these files
>>> to? And could it have if I hit the cancel button in time (like two
>>> seconds later)? Hopefully it didn't copy anything, or even
>>> possibly overwrite any files I had on the HD with the same
>>> filename.
>>
>> Microsoft's KB article 136214
>>
>> It shows the meaning of the bits in the NoDriveTypeAutoRun registry
>> key. The default values are 0x91 (1001001) and 0x95 (10010101)
>> See:
>>
>> Microsoft's KB article 895108
>>
>> which says:
>>
>> Microsoft Windows Server 2003 0x95
>> Microsoft Windows XP 0x91
>> Microsoft Windows 2000 0x95
>>
>> In Windows XP, the bit to disable removable volumes is not set (to
>> be disabled). You might want to change the value to 0x95. This
>> sets the removable volume bit to 1 (which disables those devices
>> from auto-running). I would think this would include other
>> removable drive types, like USB drives. You could also use the
>> TweakUI powertoy to check which drives have autoplay enabled for
>> them (under My Computer -> AutoPlay -> Types, disable for removable
>> drives).
>
> TweakUI ignores the default values, so once used, AutoRun
> is enabled then for network and both types of 'unknown'
> drives.
> I've made a tool which hopefully sets the bit correctely
> for the current user and for local machine:
> http://www.uwe-sieber.de/files/autorunsettings.zip
>
>
>> However, the per-user registry key:
>>
>> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
>> holds cached information about every removable device, like a
>> memory stick, that Windows has seen before, and that key overrides
>> the NoDriveTypeAutoRun setting.
>
> That's new to me, thanks for the information. Do you know if it
> overrides NoDriveTypeAutoRun set under HKEY_LOCAL_MACHINE too?


Don't know for sure but would expect user configuration to override
global configuration.

sounds to me like a small misunderstanding.
everytime you plug in a usb storage device windows checks the contents of
the drive to see what the most logical actions are.
this process looks a lot like a copying/moving dialog.

when windows is done checking all files, it will popup asking you what to do
based on the content.
in most(but not all) cases you can select an option to always be performed
on that content type.

"Bill in Co." wrote:

> I've pretty much disabled this thing, but on occasion I slip up and forget,
> such as when I plug in a new USB device. As soon as that happens, a screen
> pops up and it starts copying files somewhere (who knows where), so I
> immediately hit the Cancel key to stop it. And then it stops, naturally.
> Who knows if it actually copied any files, and if so, where they were copied
> to.
>
> And then I go through and customize it to TAKE NO ACTION (which I think
> should be the *default action* for any new devices being plugged in).
>
> Anyway, my question is, where was it trying to copy these files to? And
> could it have if I hit the cancel button in time (like two seconds later)?
> Hopefully it didn't copy anything, or even possibly overwrite any files I
> had on the HD with the same filename.
>
>
>

thedicemaster <(E-Mail Removed)> wrote:

>sounds to me like a small misunderstanding.

Umm... nice, timely response bucko. That post you replied too was 22
days old.