Why, I think it's quite reliably... If you disable, say, usbstor driver
(That's what generally suggested, and UserLock acts same way i
suppose. Or which exactly registry mods do you mean?) then user will not be
able to use any USB Storage device and AFAIK it's quite reliable solution.
For added reliability you can change DACL for service(driver) in question.
HOW TO: Disable the Use of USB Storage Devices in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
Here's an administrative template I use
(watch for line wraps in [strings]section!):
;=============8<============
;Removable media, serial ports and
;parallel ports access policy settings.
;
;Original Template from (in russian):
;
http://portal.sysadmins.ru/board/viewtopic.php?t=13680&start=7
;
;Version: 1.0.2
CLASS MACHINE
CATEGORY !!CATDESCR
KEYNAME !!REGKEY
POLICY !!FDDDESCR
KEYNAME !!FDDREGKEY
#if VERSION >= 3
EXPLAIN !!FDDEXPLAIN
#endif
VALUENAME "Start"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 3
END POLICY ; Block FDD
POLICY !!USBDESCR
KEYNAME !!USBREGKEY
#if VERSION >= 3
EXPLAIN !!USBEXPLAIN
#endif
VALUENAME "Start"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 3
END POLICY ; Block USB
POLICY !!CDROMDESCR
KEYNAME !!CDROMREGKEY
#if VERSION >= 3
EXPLAIN !!CDROMEXPLAIN
#endif
VALUENAME "Start"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 1
END POLICY ; Block CD-ROM
POLICY !!LPTDESCR
KEYNAME !!LPTREGKEY
#if VERSION >= 3
EXPLAIN !!LPTEXPLAIN
#endif
VALUENAME "Start"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 1
END POLICY ; Block LPT port
POLICY !!SERDESCR
KEYNAME !!SERREGKEY
#if VERSION >= 3
EXPLAIN !!SEREXPLAIN
#endif
VALUENAME "Start"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 1
END POLICY ; Block Serial ports
END CATEGORY ; Block devices
[STRINGS]
CATDESCR="Block removable storage/ports"
REGKEY="system\currentcontrolset\services"
FDDDESCR="Block Floppy drives"
FDDREGKEY="system\currentcontrolset\services\flpydisk"
FDDEXPLAIN="This policy removes the ability of user to access floppy drives.
Note that this is not a standard registry-based policy. You will need to
explicitly disable this policy to revert changes."
USBDESCR="Block USB Storage"
USBREGKEY="system\currentcontrolset\services\usbstor"
USBEXPLAIN="This policy removes the ability of user to access USB Storage
drives. Note that this is not a standard registry-based policy. You will
need to explicitly disable this policy to revert changes."
CDROMDESCR="Block CD-ROM drives"
CDROMREGKEY="system\currentcontrolset\services\cdrom"
CDROMEXPLAIN="This policy removes the ability of user to access CD-ROM
drives. Note that this is not a standard registry-based policy. You will
need to explicitly disable this policy to revert changes."
LPTDESCR="Block LPT ports"
LPTREGKEY="system\currentcontrolset\services\parport"
LPTEXPLAIN = "This policy removes the ability of user to access LPT ports or
any devices connected to LPT ports. Note that this is not a standard
registry-based policy. You will need to explicitly disable this policy to
revert changes."
SERDESCR="Block Serial ports"
SERREGKEY="system\currentcontrolset\services\serial"
SEREXPLAIN="This policy removes the ability of user to access Serial ports
or any devices connected to Serial ports. Note that this is not a standard
registry-based policy. You will need to explicitly disable this policy to
revert changes."
;=============8<============
hth,
Al.
