A simple logon security solution using flash disks

Murat Yildirimoglu, February, 2009

A friend asked me to provide a way to secure the logon process on his computer: he wanted no one to be able to log on to the computer unless a USB flash disk is inserted. Here is my solution:

Let’s assume that the drive letter for the USB disk is F:

I created a text file on the USB disk; let’s call it control.txt. The content of the file is not important.

Then I created the following batch file:

if exist f:\control.txt goto end
logoff
:end

The first line of the batch file checks whether control.txt exists on the F: drive. If it does, execution jumps to the third line, which does nothing but end the batch file. If there is no control.txt file on the F: drive, the second line is executed, which immediately logs off the user, so he/she cannot do anything. Instead of the logoff command, the shutdown command can also be used (such as “shutdown /s /t 1”).

This batch file should be executed as a logon script in the local group policy or, if we are in a domain, in one of the related group policies.

You can open the local group policy by running the “gpedit.msc” command. Then go to User Configuration, Windows Settings, Scripts, Logon. Add the batch file there and specify that it should be used as the logon script. That’s all. After this procedure, if the user inserts the USB disk, he can log on. If not, he will be immediately logged off.
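
Because the batch file only tests that f:\control.txt exists, any drive that mounts as F: and holds a file with that name passes the check. The following PowerShell variant is an added example, not the author's script: it also requires that F: is a removable disk with the enrolled volume serial number and that control.txt has the enrolled SHA-256 hash. The function name Test-LogonToken and the two PLACEHOLDER values are assumptions to be replaced with values read from the real disk.

```powershell
# Added example (not the article's batch file): tie the token file to one
# specific flash disk. Values marked PLACEHOLDER are assumptions.

$TokenPath      = 'F:\control.txt'       # same path the article uses
$ExpectedSerial = 'PLACEHOLDER-SERIAL'   # Win32_LogicalDisk.VolumeSerialNumber of the enrolled disk
$ExpectedHash   = 'PLACEHOLDER-SHA256'   # SHA-256 of the enrolled control.txt

function Test-LogonToken {
    param(
        [string]$Path,
        [string]$Serial,
        [string]$Hash
    )

    # The token must exist and be a regular file, not a directory.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }

    # The drive must be removable (DriveType 2) and carry the enrolled serial.
    # Assumption: the flash disk reports itself to Windows as removable.
    $drive = Split-Path -Path $Path -Qualifier      # "F:"
    $disk  = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$drive'"
    if ($null -eq $disk -or $disk.DriveType -ne 2) { return $false }
    if ($disk.VolumeSerialNumber -ne $Serial)      { return $false }

    # The file content must match the enrolled hash.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($actual -eq $Hash)
}

$ok = $false
try {
    $ok = Test-LogonToken -Path $TokenPath -Serial $ExpectedSerial -Hash $ExpectedHash
} catch {
    $ok = $false    # fail closed: any error is treated as "token missing"
}

# Same action as the second line of the batch file.
if (-not $ok) { logoff }
```

The serial number and the file can both be copied by anyone who has had the disk in hand, so this narrows which disk is accepted rather than replacing the account password.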