Disabling Autorun

[RDK]

Hi folks....I've been reading about Autorun as a security threat and decided
to try to disable it. I'm running XP Pro SP3 fully patched, including
KB967715.

Many of the web discussions on the problem indicate that one should use
GPEDIT to change the Local Policy, When I open GPEDIT / Computer
Configuration / Administrative Templates, the only entry I see there is
Windows Components.

Where am I going wrong???

My goal is to disable autorun on CD's. DVD's, USB and other memory cards,
external drives, floppy drives and zip drives. When/If successful here I
also have a XP Home PC which I want to fix to be the same.

Thanks in advance for your help.....RDK

 

[Jose]

Hi folks....I've been reading about Autorun as a security threat and decided
to try to disable it.  I'm running XP Pro SP3 fully patched, including
KB967715.

Many of the web discussions on the problem indicate that one should use
GPEDIT to change the Local Policy,  When I open GPEDIT / Computer
Configuration / Administrative Templates, the only entry I see there is
Windows Components.

Where am I going wrong???

My goal is to disable autorun on CD's. DVD's, USB and other memory cards,
external drives, floppy drives and zip drives.  When/If successful hereI
also have a XP Home PC which I want to fix to be the same.

Thanks in advance for your help.....RDK

For your GPEdit issue, it sounds like you have missing templates but
they are easy to install.

In GPEdit, right click Administrative Templates, Add/Remove Templates.

Usually, you would see:

conf
inetres
system
wmplayer
wuau

Click Add and it will open a folder where you can Add the missing
components to match the usually in there list, or to match the list on
some system that is working properly.

Reboot to make sure the changes stick.

Each component has a story you can Google for more information.

Here is a good place to start:

http://support.microsoft.com/default.aspx?scid=kb;en-us;816662

Group Policy Editor is not available in XP Home, but if you can launch
it, that must not be you.

For your AutoPlay thing, you may want to investigate the popular free
Tweak UI program. Some things are easier to understand and accomplish
with Tweak UI and you can uninstall it if you don't like it. You may
like it.

Get it here:

http://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx

It will give you some friendlier ways to do things (like disable
AutoPlay for drives) and will work with all versions of XP.

 

[John Wunderlich]

Hi folks....I've been reading about Autorun as a security threat
and decided to try to disable it. I'm running XP Pro SP3 fully
patched, including KB967715.

Many of the web discussions on the problem indicate that one
should use GPEDIT to change the Local Policy, When I open GPEDIT
/ Computer Configuration / Administrative Templates, the only
entry I see there is Windows Components.

Where am I going wrong???

Right-click on "Administrative Templates", then "Add/Remove Templates".

My goal is to disable autorun on CD's. DVD's, USB and other memory
cards, external drives, floppy drives and zip drives. When/If
successful here I also have a XP Home PC which I want to fix to be
the same.

Thanks in advance for your help.....RDK

"How to disable the Autorun functionality in Windows"
<http://support.microsoft.com/kb/967715>

HTH,
John

 

[VanguardLH]

Hi folks....I've been reading about Autorun as a security threat and decided
to try to disable it. I'm running XP Pro SP3 fully patched, including
KB967715.

Many of the web discussions on the problem indicate that one should use
GPEDIT to change the Local Policy, When I open GPEDIT / Computer
Configuration / Administrative Templates, the only entry I see there is
Windows Components.

Where am I going wrong???

My goal is to disable autorun on CD's. DVD's, USB and other memory cards,
external drives, floppy drives and zip drives. When/If successful here I
also have a XP Home PC which I want to fix to be the same.

Thanks in advance for your help.....RDK

Get Microsoft's TweakUI powertoy and use it to disable autorun. In
TweakUI, go to the following tree node:

My Computer
|___ AutoPlay
|___ Types

Although it says it is an auto-play option (which is used to determine
what handler gets used for what content on a CD/DVD drive), the Types
settings modify the following auto-run registry key:

Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Item: NoDriveTypeAutoRun

Since that is under the HKEY_CURRENT_USER hive, changes the settings are
effected only under your account. You would have to logon under each
account to use TweakUI (or gpedit) to change the setting under each
account, or edit the HKEY_USERS hive to make changes on all accounts
without having to log into each account.

If you want to use the group policy editor (gpedit.msc) then go to its
following tree node:

Local Computer Policy
|___ Computer Configuration
|___ Administrative Templates
|___ System

You can disable auto-play (aka auto-run) there. You'll probably want to
disable it on all drives. Gpedit lets you disable/enable auto-play on
all drives or just on CD/DVD drives. Selecting all drives results in
using a hex value of FF in the NoDriveTypeAutoRun registry item.

TweakUI doesn't let you disable auto-play on all drives (because the
setting is rather meaningless) and instead offers to disable/enable
auto-play on CD/DVD drives or removable drives (e.g., USB thumb drives)
or both. That results in setting NoDriveTypeAutoRun to B5 hex.

This registry value is a bit mask. Convert the hex value to binary and
each 1 in that value represents where auto-play is disabled (you are
enabling the disable). http://support.microsoft.com/kb/967715 for info
on what each bit means in the mask.

TweakUI: Turn off auto-play on CD/DVD drives and removable drives
Value: B5 hex = 1011 0101 binary
Disables: bit 0 = drives of unknown type
2 = removable drives
4 = network drives
5 = CD-ROM drives
7 = reserved

gpedit: Turn off auto-play on all drives
Value: FF hex = 1111 1111 binary
bit 0 = drives of unknown type
1 = (reserved)
2 = removable drives
3 = fixed drives
4 = network drives
5 = CD-ROM drives
6 = RAM disks
7 = (reserved)

I don't see when auto-play would be applicable to fixed or RAM disks so
the settings used by TweakUI are sufficient. gpedit just disables (sets
the disable) all of them when you select all drives.

As to you not seeing the System subnode in gpedit's tree, are you logged
under an administrator account when you use gpedit? Are you logged
under a local admin account or under a domain account (in which you've
been granted some admin rights on your host)?

 

[VanguardLH]

Get Microsoft's TweakUI powertoy and use it to disable autorun. In
TweakUI, go to the following tree node:

My Computer
|___ AutoPlay
|___ Types

Although it says it is an auto-play option (which is used to determine
what handler gets used for what content on a CD/DVD drive), the Types
settings modify the following auto-run registry key:

Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Item: NoDriveTypeAutoRun

Since that is under the HKEY_CURRENT_USER hive, changes the settings are
effected only under your account. You would have to logon under each
account to use TweakUI (or gpedit) to change the setting under each
account, or edit the HKEY_USERS hive to make changes on all accounts
without having to log into each account.

If you want to use the group policy editor (gpedit.msc) then go to its
following tree node:

Local Computer Policy
|___ Computer Configuration
|___ Administrative Templates
|___ System

You can disable auto-play (aka auto-run) there. You'll probably want to
disable it on all drives. Gpedit lets you disable/enable auto-play on
all drives or just on CD/DVD drives. Selecting all drives results in
using a hex value of FF in the NoDriveTypeAutoRun registry item.

TweakUI doesn't let you disable auto-play on all drives (because the
setting is rather meaningless) and instead offers to disable/enable
auto-play on CD/DVD drives or removable drives (e.g., USB thumb drives)
or both. That results in setting NoDriveTypeAutoRun to B5 hex.

This registry value is a bit mask. Convert the hex value to binary and
each 1 in that value represents where auto-play is disabled (you are
enabling the disable). http://support.microsoft.com/kb/967715 for info
on what each bit means in the mask.

TweakUI: Turn off auto-play on CD/DVD drives and removable drives
Value: B5 hex = 1011 0101 binary
Disables: bit 0 = drives of unknown type
2 = removable drives
4 = network drives
5 = CD-ROM drives
7 = reserved

gpedit: Turn off auto-play on all drives
Value: FF hex = 1111 1111 binary
bit 0 = drives of unknown type
1 = (reserved)
2 = removable drives
3 = fixed drives
4 = network drives
5 = CD-ROM drives
6 = RAM disks
7 = (reserved)

I don't see when auto-play would be applicable to fixed or RAM disks so
the settings used by TweakUI are sufficient. gpedit just disables (sets
the disable) all of them when you select all drives.

As to you not seeing the System subnode in gpedit's tree, are you logged
under an administrator account when you use gpedit? Are you logged
under a local admin account or under a domain account (in which you've
been granted some admin rights on your host)?

Oops, a correction.

TweakUI changes the following per-account registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Item: NoDriveTypeAutoRun

However, gpedit modifies the following local machine (global) registry
key:

Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Item: NoDriveTypeAutoRun

TweakUI only changes auto-play/run for your account under which you are
logged under. gpedit changes it on the machine. The machine settings
override the per-account settings. So you could use TweakUI to enable
auto-play under your account but if gpedit disabled auto-play on your
machine then they remain disabled under your account.