In the place where I work, we have sensitive data on our computers that needs to stay there, but we regularly update our data, so we need a way to disallow copying to a flash drive but allow copying from the flash drive to the computer. Currently we're doing that with the Windows registry key StorageDevicePolicies->WriteProtect(1), but since anyone with some computer knowledge can undo this, it's not secure enough. I searched but couldn't find anything online, so I decided to develop it myself. The problem is I don't have any experience working with hardware; I mostly develop database applications in C#. So I would appreciate a solution in C#, but anything that can help is highly appreciated.
If they have admin rights, then any C# program you write can be shut off just as easily as they can change the registry key. The real solution is to modify user rights, and possibly remove flash drive capabilities and use network shares instead when data needs to be copied to machines.
If anything, I might just make a service with an unassuming name that polls the registry key periodically to see if it's been flipped, and if it has, then notify IT staff, who would then commandeer the computer, flash drive, and event logs (showing the registry key was changed by that user), and then refer them and the logs to management. This assumes employees have been thoroughly and frequently warned that copying data off machines is strictly against the rules. Sometimes it is not clear to a user whether an IT roadblock is just poorly managed IT or a company policy.
Alternatively, you could make the service force the bit back if it is changed, but then trial and error will allow a user with admin rights to discover which service needs to be shut down to prevent this.
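The polling check described in the answer above, as an added example that is not code from either poster. It assumes a .NET Framework console program run with administrator rights (for instance hosted as a service or scheduled task), and that the policy lives at `HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies`; the event source name, event ID, polling interval and `--restore` switch are hypothetical choices.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using Microsoft.Win32;

static class WriteProtectWatcher
{
    const string KeyPath = @"SYSTEM\CurrentControlSet\Control\StorageDevicePolicies";
    const string ValueName = "WriteProtect";
    const string EventSource = "UsbPolicyWatcher";                // hypothetical source name
    static readonly TimeSpan Interval = TimeSpan.FromSeconds(30); // assumed polling interval

    // The policy is intact only when the DWORD exists and equals 1.
    static bool IsProtected(object value) { return value is int && (int)value == 1; }

    static object ReadPolicy()
    {
        using (var key = Registry.LocalMachine.OpenSubKey(KeyPath))
            return key == null ? null : key.GetValue(ValueName); // null: key or value deleted
    }

    // Writes a warning to the Application log so IT tooling can collect it.
    static void Report(object seen)
    {
        string state = seen == null ? "missing" : seen.ToString();
        EventLog.WriteEntry(EventSource,
            $"{ValueName} under HKLM\\{KeyPath} is {state} (expected 1) on {Environment.MachineName}.",
            EventLogEntryType.Warning, 4001); // 4001 is a constructed event ID
    }

    // The "force the bit back" variant from the answer; needs admin rights.
    static bool Restore()
    {
        using (var key = Registry.LocalMachine.CreateSubKey(KeyPath))
            key.SetValue(ValueName, 1, RegistryValueKind.DWord);
        return true;
    }

    static void Main(string[] args)
    {
        bool restore = Array.IndexOf(args, "--restore") >= 0;
        if (!EventLog.SourceExists(EventSource))
            EventLog.CreateEventSource(EventSource, "Application");
        bool wasProtected = true; // so a bad state at startup is reported too
        while (true)
        {
            object current = ReadPolicy();
            bool ok = IsProtected(current);
            if (!ok && wasProtected) Report(current); // one event per flip, not per poll
            if (!ok && restore) ok = Restore();
            wasProtected = ok;
            Thread.Sleep(Interval);
        }
    }
}
```

As the answer notes, a user with admin rights can stop this process as easily as they can change the key, so it serves as a tamper signal for IT rather than a control.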