Security Basics mailing list archives
Re: USB ports Network
From: MaddHatter <maddhatt+securitybasics () cat pdx edu>
Date: Thu, 3 May 2007 11:38:59 -0700
Each drive will create an admin share. You can simply look at how many admin shares your machines have (try to map to f$, g$, etc through script.)
An admin share will only appear if there is plugged in a USB mass storage device at the time the scan takes place. This doesn't tell you anything about the state of the USB ports themselves, nor does it reveal any USB non-mass-storage devices. I don't have an a ready example I can give you, but you should be able to write a WMI script that looks for instances of Win32_USBController and/or Win32_USBHub (which will enumerate the root hubs if they are enabled in the BIOS and Windows has loaded a driver for them). Just look for an example of a WMI script that enumerates hotfixes or users or something, and change the class name to Win32_USB*. WMI will let you connect remotely to other computers if you have admin rights on them (and access to the DCOM ports), so a script could iterate over all the computers in your domain (which could also be pulled via the same script from AD if you wanted). If you have WMI questions, you can ask here or you might get better help from the MS WMI-related newsgroups.
Current thread:
- USB ports Network Tornado (May 02)
- RE: USB ports Network Scott Ramsdell (May 02)
- Re: USB ports Network MaddHatter (May 03)
- RE: USB ports Network Nick Vaernhoej (May 02)
- RE: USB ports Network DELFOSSE Frédéric (May 02)
- Re: USB ports Network phillip (May 02)
- Re: USB ports Network Tornado (May 03)
- <Possible follow-ups>
- RE: USB ports Network Andy Cuff (May 03)
- Re: USB ports Network Tornado (May 04)
- RE: USB ports Network Scott Ramsdell (May 02)