Is there a way to find out when in a LAN anyone plugs in a pendrive to the USB port? Programatically (in C# preferably) or through some tool. Basically I'd imagine a client application sits on each terminal and monitors the USB ports and sends the information to the server.
有没有办法找出什么时候在局域网中谁有人插入到USB端口的pendrive?以编程方式(最好在C#中)或通过某种工具。基本上我想象一个客户端应用程序位于每个终端上并监视USB端口并将信息发送到服务器。
a.) Can I get the details of the file(s) being copied? b.) Is there a way to do this without a client application?
a。)我可以获取正在复制的文件的详细信息吗? b。)有没有办法在没有客户申请的情况下这样做?
EDIT
I dont want to disable the USB port entirely. its to be on a need to have basis. Basically just want the users on the LAN to share data responsibly and know that whatever data is tranfered is monitored and logged and can be questioned later.
我不想完全禁用USB端口。它需要有基础。基本上只是希望LAN上的用户以负责任的方式共享数据,并且知道所传输的任何数据都会受到监控和记录,以后可能会被质疑。
6 个解决方案
#1
13
[Assuming Windows, given the C# remark. Please tag accordingly]
[假设Windows,给出了C#评论。请相应标记]
Yes, this is possible. And it is possible to get the details of the file. It will require programming, though. Watch for WM_DEVICECHANGE and re-enumerate drives afterwards. It will get you USB pendrives, but also SD cards. I expect that's a bonus for you.
是的,这是可能的。并且可以获取文件的详细信息。但是,它需要编程。观察WM_DEVICECHANGE并在之后重新枚举驱动器。它将为您提供USB pendrives,还有SD卡。我希望这对你来说是一个奖励。
To get more details once you know a drive has arrived, use System.IO.FileSystemWatcher
要在知道驱动器到达后获取更多详细信息,请使用System.IO.FileSystemWatcher
Update I found a better solution - if you register for volume interface notifications, you'll get the volume path for the new drive. First, create a DEV_BROADCAST_DEVICEINTERFACE with dbcc_classguid=GUID_DEVINTERFACE_VOLUME. Then pass this to RegisterDeviceNotification(). You will again get a WM_DEVICECHANGE but you can now cast the lParam from the message to DEV_BROADCAST_DEVICEINTERFACE*.
更新我发现了一个更好的解决方案 - 如果您注册了卷接口通知,您将获得新驱动器的卷路径。首先,使用dbcc_classguid = GUID_DEVINTERFACE_VOLUME创建DEV_BROADCAST_DEVICEINTERFACE。然后将其传递给RegisterDeviceNotification()。您将再次获得WM_DEVICECHANGE,但现在可以将消息中的lParam转换为DEV_BROADCAST_DEVICEINTERFACE *。
You can pass the dbcc_name you receive to GetVolumeNameForVolumeMountPoint(). You can also pass all drive letters from GetLogicalDriveStrings() to GetVolumeNameForVolumeMountPoint(). You'll have one matching volume name; this is the new drive.
您可以将收到的dbcc_name传递给GetVolumeNameForVolumeMountPoint()。您还可以将GetLogicalDriveStrings()中的所有驱动器号传递给GetVolumeNameForVolumeMountPoint()。您将拥有一个匹配的卷名称;这是新的驱动器。
#2
3
Also check out the registry where all information is stored about the usb devices. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
另请查看注册表中存储有关USB设备的所有信息。 HKEY_LOCAL_MACHINE \系统\ CurrentControlSet \枚举\ USB
You can hook into changes of that key in the registry and act upon that.
您可以在注册表中挂钩对该键的更改并对其进行操作。
This free utility are a big help when pooking around: http://www.nirsoft.net/utils/usb_devices_view.html
这个免费的实用程序是一个很大的帮助,当你四处寻找:http://www.nirsoft.net/utils/usb_devices_view.html
You can select a usb-drive, choose to open the registry key for that drive and enable/disable the device and a lot more.
您可以选择USB驱动器,选择打开该驱动器的注册表项并启用/禁用该设备等等。
In the registry you can see if the device is connected, if it's of massstorage type and other interresting information. Its easy to filter the regkeys to just get usb-massstorage drives and then hook into and wait for changes (connect/disconnect).
在注册表中,您可以查看设备是否已连接,是否为massstorage类型和其他interresting信息。它很容易过滤regkeys以获得usb-massstorage驱动器,然后挂钩并等待更改(连接/断开连接)。
With Windows Management Instrumentation you can register to recieve Registry events: http://msdn.microsoft.com/en-us/library/aa393035(VS.85).aspx
使用Windows Management Instrumentation,您可以注册以接收Registry事件:http://msdn.microsoft.com/en-us/library/aa393035(VS.85).aspx
Check out System.Management in .Net
查看.Net中的System.Management
#3
1
If its a small environment and you want to prevent any usb devices from being used, then you can disable the usb ports in device manager, make sure no users are set up as adminstrators on the machines and that should prevent all usb use.
如果它是一个小环境并且您想要阻止使用任何USB设备,那么您可以在设备管理器中禁用USB端口,确保没有用户在机器上设置为管理员,这应该阻止所有USB使用。
And if you are really paranoid about it, just open the machines and plug out the ports.
如果你真的很偏执,只需打开机器并拔出端口即可。
#4
1
Have a look at this article. Explains the messages and how to work with them. Detecting usb drive removal
看看这篇文章。解释消息以及如何使用它们。检测USB驱动器的移除
#5
1
I've never used it, but the folks at ic#code (sharpdevelop) have a usblib. Maybe it can help you out.
我从来没有使用它,但ic#code(sharpdevelop)的人有一个usblib。也许它可以帮助你。
http://www.icsharpcode.net/OpenSource/SharpUSBLib/default.aspx
#6
0
Are you trying to prevent the use of USB thumb drives? If so there is a Group Policy that allows you to restrict access.
您是否试图阻止使用USB拇指驱动器?如果是这样,则存在允许您限制访问的组策略。
#1
13
[Assuming Windows, given the C# remark. Please tag accordingly]
[假设Windows,给出了C#评论。请相应标记]
Yes, this is possible. And it is possible to get the details of the file. It will require programming, though. Watch for WM_DEVICECHANGE and re-enumerate drives afterwards. It will get you USB pendrives, but also SD cards. I expect that's a bonus for you.
是的,这是可能的。并且可以获取文件的详细信息。但是,它需要编程。观察WM_DEVICECHANGE并在之后重新枚举驱动器。它将为您提供USB pendrives,还有SD卡。我希望这对你来说是一个奖励。
To get more details once you know a drive has arrived, use System.IO.FileSystemWatcher
要在知道驱动器到达后获取更多详细信息,请使用System.IO.FileSystemWatcher
Update I found a better solution - if you register for volume interface notifications, you'll get the volume path for the new drive. First, create a DEV_BROADCAST_DEVICEINTERFACE with dbcc_classguid=GUID_DEVINTERFACE_VOLUME. Then pass this to RegisterDeviceNotification(). You will again get a WM_DEVICECHANGE but you can now cast the lParam from the message to DEV_BROADCAST_DEVICEINTERFACE*.
更新我发现了一个更好的解决方案 - 如果您注册了卷接口通知,您将获得新驱动器的卷路径。首先,使用dbcc_classguid = GUID_DEVINTERFACE_VOLUME创建DEV_BROADCAST_DEVICEINTERFACE。然后将其传递给RegisterDeviceNotification()。您将再次获得WM_DEVICECHANGE,但现在可以将消息中的lParam转换为DEV_BROADCAST_DEVICEINTERFACE *。
You can pass the dbcc_name you receive to GetVolumeNameForVolumeMountPoint(). You can also pass all drive letters from GetLogicalDriveStrings() to GetVolumeNameForVolumeMountPoint(). You'll have one matching volume name; this is the new drive.
您可以将收到的dbcc_name传递给GetVolumeNameForVolumeMountPoint()。您还可以将GetLogicalDriveStrings()中的所有驱动器号传递给GetVolumeNameForVolumeMountPoint()。您将拥有一个匹配的卷名称;这是新的驱动器。
#2
3
Also check out the registry where all information is stored about the usb devices. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
另请查看注册表中存储有关USB设备的所有信息。 HKEY_LOCAL_MACHINE \系统\ CurrentControlSet \枚举\ USB
You can hook into changes of that key in the registry and act upon that.
您可以在注册表中挂钩对该键的更改并对其进行操作。
This free utility are a big help when pooking around: http://www.nirsoft.net/utils/usb_devices_view.html
这个免费的实用程序是一个很大的帮助,当你四处寻找:http://www.nirsoft.net/utils/usb_devices_view.html
You can select a usb-drive, choose to open the registry key for that drive and enable/disable the device and a lot more.
您可以选择USB驱动器,选择打开该驱动器的注册表项并启用/禁用该设备等等。
In the registry you can see if the device is connected, if it's of massstorage type and other interresting information. Its easy to filter the regkeys to just get usb-massstorage drives and then hook into and wait for changes (connect/disconnect).
在注册表中,您可以查看设备是否已连接,是否为massstorage类型和其他interresting信息。它很容易过滤regkeys以获得usb-massstorage驱动器,然后挂钩并等待更改(连接/断开连接)。
With Windows Management Instrumentation you can register to recieve Registry events: http://msdn.microsoft.com/en-us/library/aa393035(VS.85).aspx
使用Windows Management Instrumentation,您可以注册以接收Registry事件:http://msdn.microsoft.com/en-us/library/aa393035(VS.85).aspx
Check out System.Management in .Net
查看.Net中的System.Management
#3
1
If its a small environment and you want to prevent any usb devices from being used, then you can disable the usb ports in device manager, make sure no users are set up as adminstrators on the machines and that should prevent all usb use.
如果它是一个小环境并且您想要阻止使用任何USB设备,那么您可以在设备管理器中禁用USB端口,确保没有用户在机器上设置为管理员,这应该阻止所有USB使用。
And if you are really paranoid about it, just open the machines and plug out the ports.
如果你真的很偏执,只需打开机器并拔出端口即可。
#4
1
Have a look at this article. Explains the messages and how to work with them. Detecting usb drive removal
看看这篇文章。解释消息以及如何使用它们。检测USB驱动器的移除
#5
1
I've never used it, but the folks at ic#code (sharpdevelop) have a usblib. Maybe it can help you out.
我从来没有使用它,但ic#code(sharpdevelop)的人有一个usblib。也许它可以帮助你。
http://www.icsharpcode.net/OpenSource/SharpUSBLib/default.aspx
#6
0
Are you trying to prevent the use of USB thumb drives? If so there is a Group Policy that allows you to restrict access.
您是否试图阻止使用USB拇指驱动器?如果是这样,则存在允许您限制访问的组策略。