FixItButton1

How to use Group Policy settings to disable all Autorun features in Windows

Method 1

  1. In RUN Box, type Gpedit.msc  then press ENTER.
  2. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
  3. In the Details pane, double-click Turn off Autoplay.
  4. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
  5. Restart the computer.

Method 2

In RUN Box, type Gpedit.msc  then press ENTER.

  1. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
  2. In the Details pane, double-click Default Behavior for AutoRun.
  3. Click Enabled, and then select Do not execute any autorun commands in the Default Autorun behaviorbox to disable Autorun on all drives.
  4. Restart the computer.

How to use Group Policy settings to disable all Autorun features in Windows Server 2003, Windows XP Professional, and Windows 2000

  1. Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.
  2. Under Computer Configuration, expand Administrative Templates, and then click System.
  3. In the Settings pane, right-click Turn off Autoplay, and then click Properties.Note In Windows 2000, the policy setting is named Disable Autoplay.
  4. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
  5. Click OK to close the Turn off Autoplay Properties dialog box.
  6. Restart the computer.

How to disable or enable all Autorun features in Windows 7 and other operating systems

Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003,or Windows XP

Fix it for me

To disable or enable Autorun automatically, click the appropriate Fix this problem link. Then, click Run in theFile Download dialog box and follow the steps in this wizard.

Disable Autorun Enable Autorun
Fix this problem
Microsoft Fix it 50471

To disable Autorun yourself on operating systems that do not include Gpedit.msc, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following entry in the registry:
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoDriveTypeAutorun
  3. Right-click NoDriveTypeAutoRun, and then click Modify.
  4. In the Value data box, type 0xFF to disable all types of drives. Or, to selectively disable specific drives, use a different value as described in the “How to selectively disable specific Autorun features” section.
  5. Click OK, and then exit Registry Editor.
  6. Restart the computer.

How to selectively disable specific Autorun features

To selectively disable specific Autorun features, you must change the NoDriveTypeAutoRun entry in one of the following registry key subkeys:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionpoliciesExplorer

The following table shows the settings for the NoDriveTypeAutoRun registry entry.

Value Meaning
0x1 or 0x80 Disables AutoRun on drives of unknown type
0x4 Disables AutoRun on removable drives
0x8 Disables AutoRun on fixed drives
0x10 Disables AutoRun on network drives
0x20 Disables AutoRun on CD-ROM drives
0x40 Disables AutoRun on RAM disks
0xFF Disables AutoRun on all kinds of drives

The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for. For example, if you want to disable Autorun for network drives only, you must set the value of NoDriveTypeAutoRun registry entry to 0x10.

If you want to disable Autorun for multiple drives, you must add the corresponding hexadecimal values to the 0x10 value. For example, if you want to disable Autorun for removable drives and for network drives, you must add 0x4 and 0x10, which is the mathematical addition of 2 hexadecimal values, to determine the value to use. 0x4 + 0x10 = 0x14. Therefore, in this example, you would set the value of the NoDriveTypeAutoRun entry to 0x14.

The default value for the NoDriveTypeAutoRun registry entry varies for different Windows-based operating systems. These default values are listed in the following table.

Operating system Default value
Windows Server 2008 and Windows Vista 0x91
Windows Server 2003 0x95
Windows XP 0x91
Windows 2000 0x95

Registry entry that is used to control the behavior of the current update

All the fixes in the current update for Windows XP and for Windows Server 2003 are included in the HonorAutorunSetting registry entry in the following subkey:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer

Registry Value

Value Data type Range Default value
HonorAutorunSetting REG_DWORD 0x0–0xFF 0x01

Note For Windows Server 2003 and Windows XP, all changes of this update are controlled by the HonorAutorunSetting registry entry so that you can revert to the previous configuration if it is required. This entry is not valid for Windows 2000, Windows Vista, or Windows Server 2008 users.

When you install update 967715, the HonorAutorunSetting registry key is created only in the HKEY_LOCAL_MACHINE registry hive. The registry key has a default value of 0x1. This value enables the functionality that is present in the current update. Before you install the current update, this registry key is not present in the system. You can obtain prepackage installation Autorun behavior by manually setting the registry key to 0. To do this, type 0 instead of 1 in step 6 of the following procedures to manually set the registry key. HonorAutorunSetting is always read from the HKEY_LOCAL_MACHINE registry hive even if the HonorAutorunSetting entry is also configured in the HKEY_CURRENT_USER registry hive.

How to set the HonorAutorunSetting registry key manually

Windows Server 2003 and Windows XP

  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer
  4. Right-click in the right side pane, point to New, and then click DWORD Value.
  5. Type HonorAutorunSetting, and then press ENTER.
  6. In the Value data box, type 1, click Hexadecimal if it is not already selected, and then click OK.
  7. Exit Registry Editor.
  8. Restart the system for the new settings to take effect.

How to prevent Autorun.inf files from being created on shares

To prevent the Autorun feature from being invoked, and to keep any programs from writing Autoun.inf files to mapped network drives, follow these steps:

  1. Delete any Autorun.inf files from the root of a mapped network drive.
  2. Do not give anyone Create rights to the root of a mapped network drive.

Note After you implement this procedure, Autorun features will not be available from network drives.

How to prevent users from connecting to USB storage devices

The following Microsoft Knowledge Base article contains two methods to prevent users from connecting to a USB storage device:

823732 How can I prevent users from connecting to a USB storage device?

Note After you implement one of these procedures on a system, USB storage devices no longer function on the system.

 

SOURCE – MICROSOFT