Sign in with
Sign up | Sign in
Your question

Seek Bypass to Deliberately-Disabled USB Ports

Last response: in Windows XP
Share
November 18, 2008 11:30:30 PM

My wife's employer, which runs a large (several thousand machines) 24/7 network of PCs running XP Pro, recently implemented a network-wide disabling of USB ports on all the client workstations. Most of the workstations are Compaq dc 7600 machines. This was done supposedly to try and eliminate introduction and re-introduction of malware that is allegedly being traced to a mixture of company-owned or personally-owned thumb drives as the source. The theory is: disable the use of ALL thumb drives, scan and clean the virus du jour off the entire network and the thumb drive prohibition will ensure no re-infection. While this is a well-intentioned move on the part of management, it imposes severe work (and convenience) limitation on users and is rapidly moving beyond tolerability.

I told my wife I would try and figure out if there is some way to implement a bypass on her machine only that would not be detectable by administrators. She is not worried about "being caught" with add-on cables or similar attached to her machine. Is there some sort of peripheral add-on device that could be plugged into some other unused port (serial, parallel, whatever) that could be used to connect a thumb drive? Or some other workaround?

Complicating this is the fact that the administrators have always maintained a tight lock on users. Users have VERY little capability/privilege to modify their own workstations. She can't add or remove any software, for example.

It is not clear how the disabling was done, but based on the number of machines whose USB function was disabled in under 24 hours, it appears to have been something done via remote logins or the same process by which admins apply patches, etc. Using Device Manager on her machine, all the entries in the USB section (hub, controllers, ports) all claim that each device is working properly. When a thumb drive is inserted into an unused USB port, there is a couple of "donk" tones and the drive is not recognized or seen. To further muddy the waters, she has a laser printer plugged into one of her USB ports as a local machine (LPT1) that still functions completely normally, as does the BlackBerry cable plugged into another USB port.

Thus, its not clear if it was a USB function that was disabled or the admin people figured out how to disable (refuse to recognize?) thumb drives specifically, or something else.

This is an over-reaction by the employers and needlessly making life hard for employees. She doesn't want to damage any equipment, cause any harm, etc - she just wants to be able to use a thumb drive when necessary, just like all the employees could freely do for the last many years, largely without restriction.

Any suggestions?
November 20, 2008 7:12:22 AM

why is it an inconvenience? use email, or the company shared drive... Im an IT Admin and it annoys the life outta me when really important data is transferred using USB drives when we purposefully implemented secure areas on the network that only those users have access to.

we've had a large increase of malware being transferred by USB ourselves and have thought of banning them aswell, we dont understand why you need them as a normal user as you can use email or a shared network drive.

btw it just sounds like the drive letter for the usb stick isnt being implemented, which can be changed but if you do not have the permissions to do so its tough luck really there is no way around this, plus its very likely in a big corporation that they will employ advanced software that will red flag her machine as soon as a usb drive is detected and mounted, and could be considered a sackable offence. I just wouldnt try it tbh.
November 22, 2008 5:07:40 AM

Here's the problem; if you need to ask, then you don't know enough to do it with any assurance of avoiding detection. You can't even provide any meaningful information about the method being used to prevent the use of USB drives. Without knowing exactly what the IT department has implemented here, we could only speculate in a manner that is tantamount to playing Russian roulette with your wife's job.
Related resources
December 28, 2010 2:14:17 PM

Hi armycolonel,

I apologize for the other very unhelpful posts on here. Sometimes IT Admins (myself included) get a bit sensitive when "users" try to circumvent their authority :) 

That being said, my wife had the same exact issue at her corporation. While I do understand the need for tight security, there ARE instances when a USB is almost the only solution (transporting large or numerous files HOME to work on, for example). BTW- the practice of removing files from her office is NOT forbidden, but they give no other options for transport... and email is just a terrible idea! Unless you're sticking to an internal email server it's just crazy! Also, their remote desktop software is pretty weak (I never said it was a GOOD IT dept.).

Anyway, I found that for her, the best solution for those awful work-at-home weekends was to give her as OS on a disc (Ubuntu, whatever). She would then copy files she needed from the network to her local PC, then boot the Ubuntu LiveCD and copy files to her USB drive. Of course, you'll need a working CD drive for this to work and she may have that locked-down as well. When she arrived back Monday morning, she just reversed the process and IT was none the wiser.

Hope this helps.. and like the other IT Admins expressed - make sure the worst she could experience is a slap on the wrist if she gets caught - some companies are more Draconian than others.
a b 8 Security
December 28, 2010 2:22:41 PM

The way around this it to talk to the IT people and ask how she can move work files around. Almost every computer usage policy includes being fired as one of the consequences for non-compliance. Every user in the building has this same thought that any restriction is silly and should not apply to them becuase THEY are safe and don't ever have viruses. Just like 90% of drivers think they are above average in skill or smokers think cancer is something that happens to the other smokers but won't happen to them.

I had someone ask for help in going to some hotel booking site on a critical care computer that runs an operating room instrument software. Harmless no? Till some link she clicks on leads to an infected site, and it brings down a bank of computers that stop an operation in progress. The funny part is that this request actually got past our 1st tier helpdesk.
December 28, 2010 2:31:11 PM

hang-the-9 said:
The way around this it to talk to the IT people and ask how she can move work files around. Almost every computer usage policy includes being fired as one of the consequences for non-compliance. Every user in the building has this same thought that any restriction is silly and should not apply to them becuase THEY are safe and don't ever have viruses. Just like 90% of drivers think they are above average in skill or smokers think cancer is something that happens to the other smokers but won't happen to them.



I agree, hang-the-9. Unfortunately, there are some really incompetent IT departments out there - I won't bore everyone with some of the past exploits of my wife's IT company but when her manager, an SVP in charge of her department started calling ME for IT help, you know it's bad.

It's a shame too - I have worked with and known some really good IT folks - people who remain sensitive to user perspective and try to strike a healthy balance between workability and security.
a b 8 Security
December 28, 2010 2:39:41 PM

only1miller said:
I agree, hang-the-9. Unfortunately, there are some really incompetent IT departments out there - I won't bore everyone with some of the past exploits of my wife's IT company but when her manager, an SVP in charge of her department started calling ME for IT help, you know it's bad.

It's a shame too - I have worked with and known some really good IT folks - people who remain sensitive to user perspective and try to strike a healthy balance between workability and security.


The thing is, in situations like this, the implimentation of a system-wide USB drive lockout is not done by a single person, nor one department. You have the IS security person or persons that think about doing this. It goes to a few other people for technical ideas on how do do this, in meetings they talk about the concequences (how to deal with people who want to use USB drives, workarounds for them, exceptions that need to be made). It then goes up to the business VIPs to get their approval, up to the CIO maybe the CEO. While one or even a number of people can be unsuited for their jobs, in a large organization with thousands of computers, it gets balanced out by those that think ahead and plan well. That includes a policy in place that spells out how to deal with a user that needs to move files from PC to PC, maybe even to a home PC. I can bet that even if a PC tech does not have the power to enforce a punishment on those that try to hack the system, the CEO/CIO/managers who set the policy in place do.
December 28, 2010 2:49:57 PM

Again, I would normally agree.. and would love to explain the environment I'm talking about but then, I'd have to bore you to tears citing example after example of how this IT group is inept from the bottom to the top. We're talking nepotism, a CIO who can't turn on his own PC and an IT group that is made up of sycophants and schlubs. It's really an interesting environment, but in my work as an IT consultant, not entirely unique.

Anyway, I don't want to debate the morality of defying corporate IT policy. I just like answering questions with answers. I kind of get annoyed when reply posts contain only warnings and admonishments without any useful information.
!