IT administrators can now determine the status of USB connectivity, whether it is enabled or disabled, on Windows devices managed through SureMDM. Knowing the USB status is critical for audit and compliance purposes. Organizations often require USB ports to be disabled to prevent unauthorized data transfer, malware infections, or to meet specific IT security policies.
Purpose
This functionality supports continuous monitoring and enables visibility, which helps in tracking USB status across enrolled Windows devices to ensure adherence to company standards.
Prerequisites
- Access to the SureMDM account.
- Permission to Account settings, create and apply jobs, and add custom columns.
- Windows devices enrolled and managed through SureMDM should be online.
- Windows agent version >=6.08.0
Note: USB ports can also be enabled or disabled using a preconfigured script available under RunScripts for the Windows platform within SureMDM.
Steps
- Log in to the SureMDM Console.
- Navigate to the Settings icon, which is top right corner
- Now, click on Account settings
- Device Properties → Properties → Custom Device Properties → Add → OK
- Fill in the fields as follows:
Platform → Windows
Key → USB Value
Value → String
- Check the box “Retrieve Value using Script.”
- Enter the script below in the given box
[bool](((Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name 'Start' -ErrorAction SilentlyContinue).Start -eq 4))- Set the Frequency to retrieve the value to 15 minutes.
- To display the USB status in the SureMDM device list:
- Click on the grid icon next to the grid refresh button.
- Go to Custom Properties.
- Find and select the key you just created.
- Click Save.
- After 15 minutes, the output is as follows:
→ True, if the USB is disabled.
→ False, if the USB is enabled.
Need help? CONTACT US