Disabling AutoPlay and Autorun

In very recent news you have likely heard of someone putting infected USB drives into mailboxes. Although this is happening in Australia, it is still incredibly relevant no matter where in the world you may be. It is always good practice to never, and I mean never, plug in a random USB thumb drive you might have found out in the wild. This is one of the tried and true methods of getting malware installed on your computer, both because of the built-in Windows “features” called AutoPlay and AutoRun, and because most people will think one of two things:

  1. Oh, free thumb drive!
  2. Oh, someone might have lost this, let me see if their name or contact information is on it!

The best course of action is to just throw them away. But, on the off chance that you do put a USB thumb drive in your computer, you better hope that AutoPlay and AutoRun are disabled. That is what I’m going to show you how to configure today, both on standalone workstations and on a domain with Group Policy.

Method 1 – Standalone Workstation

Note: As far as I am aware, this method is the same across most modern versions of the Windows operating system.

Option 1 – Control Panel

  1. Open Control Panel
  2. Click on AutoPlay
  3. Uncheck the box for Use AutoPlay for all media and devices
  4. Under the Removable Drives section set the following:
    1. Removable drive – Take no action

You can take this even further by going through the rest of the sections and setting everything to Take no action if you would like. Once you are done setting things to Take no action, go ahead and click Save and you are all set.

Option 2 – Local Group Policy (Preferred Option)

  1. Open the Run prompt on your PC (Windows + R), type in gpedit.msc, then click OK
  2. Once the Local Group Policy Editor opens, navigate to Computer Configuration/Administrative Templates/Windows Components/AutoPlay Policies
  3. Double-click on Turn off Autoplay, set it to Enabled, make sure All drives is selected under the options, then click OK
  4. Double-click on Set the default behavior for AutoRun, set it to Enabled, make sure Do not execute any autorun commands is selected under the options, then click OK
  5. You may now close out of the Local Group Policy Editor. For good measure, you should reboot your computer

Method 2 – Group Policy

Note: This example is done on a Windows Server 2008 R2 domain controller using the Group Policy Management Console. I cannot verify whether the methods are identical on other versions of the Windows Server operating system.

  1. Open the Run prompt on your server (Windows + R), type in gpmc.msc, then click OK
  2. Once the console opens, create a new Group Policy and name it something appropriate (e.g. Disable AutoPlay, or include it in a blanket Network Security policy)
  3. Apply this policy to the appropriate OUs and security groups. I’d recommend applying this to the entire domain. Next, right-click on the policy and click Edit
  4. Navigate to Computer Configuration/Policies/Administrative Templates/Windows Components/AutoPlay Policies
  5. Double-click on Turn off Autoplay, set it to Enabled, make sure All drives is selected under the options, then click OK
  6. Double-click on Set the default behavior for AutoRun, set it to Enabled, and make sure Do not execute any autorun commands is selected under the options
  7. Click OK, then close out of the Group Policy Management Editor and the Management Console. And you’re done!
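
To confirm that the two settings from Option 2 or Method 2 actually landed on a machine, you can read back the registry values they write. The script below is an added example, not part of the original steps. It assumes the Computer Configuration policies are stored under the HKLM Policies\Explorer key as NoDriveTypeAutoRun and NoAutorun, and the function names are hypothetical.

```powershell
# Added example: audit the AutoPlay/AutoRun policy values on the local machine.
# Assumption: Computer Configuration policies are stored under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Drive-type bits in NoDriveTypeAutoRun; a set bit turns AutoPlay OFF for that type.
# "All drives" in the policy dialog sets every bit (0xFF).
$DriveTypeBits = [ordered]@{
    'Unknown type'            = 0x01
    'No root directory'       = 0x02
    'Removable drive'         = 0x04
    'Fixed drive'             = 0x08
    'Network drive'           = 0x10
    'CD-ROM'                  = 0x20
    'RAM disk'                = 0x40
    'Unknown type (reserved)' = 0x80
}

# Returns the DWORD as a number, or $null when the key or value does not exist.
function Get-PolicyValue([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int64]$item.$Name
}

function Get-AutoPlayPolicyState {
    param([string]$Key = $PolicyKey)
    $mask      = Get-PolicyValue $Key 'NoDriveTypeAutoRun'
    $noAutorun = Get-PolicyValue $Key 'NoAutorun'

    # List the drive types whose bit is clear, i.e. not covered by the policy.
    $uncovered = if ($null -eq $mask) {
        'policy not set (Windows defaults apply)'
    } else {
        $open = foreach ($t in $DriveTypeBits.GetEnumerator()) {
            if (-not ($mask -band $t.Value)) { $t.Key }
        }
        if ($open) { $open -join ', ' } else { 'none' }
    }

    [pscustomobject]@{
        NoDriveTypeAutoRun     = if ($null -ne $mask) { '0x{0:X2}' -f $mask } else { 'not set' }
        AutoPlayOffAllDrives   = ($null -ne $mask) -and (($mask -band 0xFF) -eq 0xFF)
        DriveTypesNotCovered   = $uncovered
        NoAutorun              = if ($null -ne $noAutorun) { $noAutorun } else { 'not set' }
        AutorunCommandsBlocked = ($noAutorun -eq 1)  # 1 = Do not execute any autorun commands
    }
}

Get-AutoPlayPolicyState | Format-List
```

On a domain-joined machine, run gpupdate /force first so the domain policy has been applied before you check; both AutoPlayOffAllDrives and AutorunCommandsBlocked should read True.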

 

Thanks for reading, and I hope this has helped you out!

 

Written By jamesmontour

James Montour is a Systems Administrator and information security enthusiast living in the US. His skills include Active Directory Administration, Database Administration, Network Administration, Automation/Scripting, Windows Server Management, and IT Compliance.