再寫一篇就算是禁用USB儲存裝置,也不會影響USB鍵盤、USB滑鼠的方法 ψ(._. )> 筆記
參考文章如 http://www.pczone.com.tw/vbb3/thread/3/105874/#post775946
首先準備 XcAcls.exe 程式與擁有 Administrator 權限的帳號
官網 Windows 2000 Resource Kit Tool: Xcacls.exe
說明 Download 直接下載 xcacls_setup.exe
性質 en / Windows 2000 (Windows NT)
版本 5.2.3631.0 / 2002.05.15
XcAcls.exe 大小 44.0 KB
XcAcls.exe MD5: 78FD41A1E1D2CF1C7657CF80BDDE1164
XcAcls.exe SHA-1: ACB97223F909AB20DD0B0E655A8869E78B056D2B
不過有些注意事項:
1. 此方法只針對C槽為 NTFS 格式才有效,因為 XcAcls.exe,FAT 格式轉 NTFS 請用 convert 指令
2.會寫入regedit,所以執行時需要 Administrator 權限
3. XcAcls.exe 需放在與 cmd 下指令同一目錄
關閉 UsbstorDisableNoKB.bat
XcAcls.exe %systemroot%\inf\usbstor.inf /d everyone /y
XcAcls.exe %systemroot%\inf\usbstor.pnf /d everyone /y
啟用 UsbstorEnableNoKB.bat
XcAcls.exe %systemroot%\inf\usbstor.inf /g everyone:r /y
XcAcls.exe %systemroot%\inf\usbstor.pnf /g everyone:r /y
4. 執行disable後請馬上重開機,才能生效
5. 測試過的作業系統有 Windows 2000 / Windows 2003 / Windows XP / Windows 7
6.
7. 寫這篇反覆測試很久,欲轉貼務必請註明出處與作者,謝謝
其他 XcAcls.exe 語法
XCACLS filename [/T] [/E|/X] [/C] [/G user:perm;spec] [/R user [...]]
[/P user:perm;spec [...]] [/D user [...]] [/Y]
filename Displays ACLs.
/T Changes ACLs of specified files in
the current directory and all subdirectories.
/E Edit ACL instead of replacing it.
/X Same as /E except it only affects the ACEs that the
specified users already own.
/C Continue on access denied errors.
/G user:perm;spec Grant specified user access rights.
Perm can be: R Read
C Change (write)
F Full control
P Change Permissions (Special access)
O Take Ownership (Special access)
X EXecute (Special access)
E REad (Special access)
W Write (Special access)
D Delete (Special access)
Spec can be the same as perm and will only be
applied to a directory. In this case, Perm
will be used for file inheritence in this
directory. If not omitted: Spec=Perm. Special values
for Spec only:
T Not Specified (for file inherit,
only for dirs valid)
At least one access right has to follow!
Entries between ';' and T will be ignored!
/R user Revoke specified user's access rights.
/P user:perm;spec Replace specified user's access rights.
for access right specification see /G option
/D user Deny specified user access.
/Y Replace user's rights without verify
Wildcards can be used to specify more that one file in a command.
You can specify more than one user in a command.
You can combine access rights.
Xcacls Examples
Example 1
The following command replaces the ACL of all files and directories in the current directory without scanning subdirectories and without confirmation.
XCACLS *.* /G administrator:RW /Y
Example 2
The following command edits the ACL of a file or a directory, but its effect on a directory is different. The ACE added to the directory is also an inherit ACE for new files created in this directory.
In this example, the command gives TestUser read, write, run, and delete rights on all new files created in this directory, but only read and write permissions on the directory itself.
XCACLS *.* /G TestUser:RWED;RW /E
Example 3
The following command grants read and write permissions on a directory without creating an inherit entry for new files. Therefore, in this example, new files created in this directory get no ACE for TestUser. For existing files, an ACE with read permissions is created.
XCACLS *.* /G TestUser:R;TRW /E
沒有留言:
張貼留言