How To Disable Autorun.inf In Windows Vista

It is good practice to disable the AutoRun feature. Inserting a USB drive or CD that carries an autorun.inf file can cause a program on that medium to run automatically, in the security context of the logged-on user. The Microsoft Knowledge Base article "How to disable the Autorun functionality in Windows" was at revision 3.0 as of March 6, 2009. If you have struggled with disabling Autorun.inf, you are not alone.

Do not confuse AutoRun with AutoPlay. The Autorun.inf file specifies a program to be run when the removable media is inserted. That is, the Autorun.inf file specifies arbitrary code to be run in the context of the user when the CD, DVD, thumb drive, or SD card is inserted. Often the program to be run is on the removable media. With AutoRun enabled, the user can easily run a program they had not intended to run.

With AutoPlay, the user has previously specified the program to be run when the removable media is inserted. The program does not normally reside upon the removable media; for example, AutoPlay can be configured to run Windows Media Player if a device containing MP3 files is inserted.

In summary, to disable the Autorun functionality in Windows Vista (RTM and SP1):

  1. you must have security update 950582 installed (security bulletin MS08-038), and
  2. use Group Policy or RegEdit to disable all Autorun features.

Is the fix introduced in 950582 installed? Check the file version of Shell32.dll (right-click the file, Properties, Details). Windows Vista Service Pack 1 (SP1) on the General Distribution Release (GDR) service branch should have Shell32.dll version 6.0.6001.18062 (or later); the Limited Distribution Release (LDR) service branch should have version 6.0.6001.22166 (or later). Windows Vista as Released To Manufacturing (RTM) should have Shell32.dll version 6.0.6000.16680 (or later) on the GDR branch and 6.0.6000.20822 (or later) on the LDR branch.

To use Group Policy settings to disable all Autorun features

  1. Run Gpedit.msc.
  2. Accept the User Account Control prompt.
  3. Navigate to Computer Configuration, Administrative Templates, Windows Components, Autoplay Policies.
  4. Double-click Turn off Autoplay in the Details pane.
  5. Click Enabled, and then select All drives in the Turn off Autoplay on box.
  6. Restart.

To use RegEdit to disable all AutoRun features (for editions where Gpedit.msc is not available, such as the Home editions), the registry entry to create for each user is:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutorun"=dword:000000ff

NoDriveTypeAutoRun is a bitmask of drive types; 0xFF covers all of them. It is a REG_DWORD on both 32-bit and 64-bit Windows, so do not change it to qword on x64.

You may wish to disable AutoPlay as well: use Control Panel, Hardware and Sound, AutoPlay and clear the "Use AutoPlay for all media and devices" checkbox.

You may ask "What about all the other AutoRun settings, such as the ones in HKEY_LOCAL_MACHINE, the ones for various devices and the other workarounds?" They are not necessary; see the Microsoft TechNet article and the US-CERT Technical Cyber Security Alert TA09-020A.

Alternate approach from Nick Brown (and cited in CERT TA09-020A). Windows reads Autorun.inf through its INI-file functions, and the IniFileMapping key lets an INI file be redirected to the registry; mapping Autorun.inf to a registry key that does not exist means every lookup in any Autorun.inf file comes back empty, whatever the media type:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
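The three pieces above (the Shell32.dll version check, the per-user NoDriveTypeAutoRun value, and Nick Brown's IniFileMapping redirect) can be applied and read back from one PowerShell session. The script below is an added example, not code from the original post or from Microsoft; it assumes Windows Vista RTM or SP1, an elevated prompt for the HKEY_LOCAL_MACHINE write, and that a Shell32.dll revision number of 20000 or above marks the LDR branch (the version thresholds are the ones quoted in the text).

```powershell
# Added example (not from the original post). Assumes Vista RTM/SP1 and an
# elevated PowerShell prompt for the HKLM write below.

# --- 1. Does Shell32.dll carry the 950582 fix? ---
$shell32 = Join-Path $env:SystemRoot 'System32\shell32.dll'
$info    = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($shell32)
$version = New-Object System.Version($info.FileMajorPart, $info.FileMinorPart,
                                     $info.FileBuildPart, $info.FilePrivatePart)

# Minimum versions from the text, keyed by build and service branch.
$minimum = @{
    '6.0.6001 GDR' = [Version]'6.0.6001.18062'   # Vista SP1, GDR
    '6.0.6001 LDR' = [Version]'6.0.6001.22166'   # Vista SP1, LDR
    '6.0.6000 GDR' = [Version]'6.0.6000.16680'   # Vista RTM, GDR
    '6.0.6000 LDR' = [Version]'6.0.6000.20822'   # Vista RTM, LDR
}

# Assumption: LDR builds use a revision of 20000 or higher, GDR builds lower.
$branch = if ($version.Revision -ge 20000) { 'LDR' } else { 'GDR' }
$key    = '{0}.{1}.{2} {3}' -f $version.Major, $version.Minor, $version.Build, $branch

if ($minimum.ContainsKey($key)) {
    $fixed = $version -ge $minimum[$key]
    "Shell32.dll $version ($branch branch): 950582 fix present = $fixed"
} else {
    "Shell32.dll $version is not a Vista RTM/SP1 build covered by this check"
}

# --- 2. Per-user policy: NoDriveTypeAutoRun = 0xFF (all drive types) ---
# REG_DWORD on 32-bit and 64-bit Windows alike.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
New-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF `
                 -PropertyType DWord -Force | Out-Null

# --- 3. Nick Brown's redirect: send every Autorun.inf lookup to a key that
#        does not exist, so no Autorun.inf on any medium yields any settings ---
$map = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
if (-not (Test-Path $map)) { New-Item -Path $map -Force | Out-Null }
Set-ItemProperty -Path $map -Name '(default)' -Value '@SYS:DoesNotExist'

# --- 4. Read both settings back to confirm what is now in the registry ---
$dword = (Get-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun').NoDriveTypeAutoRun
$ini   = (Get-ItemProperty -Path $map).'(default)'
'NoDriveTypeAutoRun = 0x{0:X2}' -f $dword
"Autorun.inf mapping = $ini"
```

The HKCU write affects only the current user, as the text's .reg file does; run step 2 for each account, or set the same value under HKEY_LOCAL_MACHINE to cover everyone. Step 3 needs an elevated prompt and, like any change to Autorun handling, takes full effect after a restart.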
