USB Device Managment
-
Changing a USB Device's Status
Continuing onward from the previous page, we'll now continue to manipulate this USB Drive, in particular we're going to disable the device so it can be unplugged without risking possible disk corruption.
There are actually a few ways to do this, but for reasons this approach is being used. At the end of this page will be an Alternative Approach to "Properly Eject" a USB Drive with some explanations as to why it's not the approach we're using here.
Disabling a device with PowerShell is actually very simple once you know what the InstanceID is, we'll be using the Disable-PnPDevice cmdlet, the InstanceID and an Automatic flag so we aren't prompted for confirmation (so this can be scripted).
This must be run from an Administrative PowerShell Session.
Text in iTALICS is variable based on your device(s) and needs to be adjusted to match your scenario.
Disable-PnPDevice -InstanceID '*USB\VID_154B&PID_00AD\AA520F2080000086*' -A;Our "G:" Drive USB Storage will be disabled from Device Manager so it can be removed without risking anything still being read or written to it.
Enabling your USB Drive with PowerShell
Conversely, enabling the device is just as simple by changing Disable-PnPDevice to Enable-PnPDevice...Enable-PnPDevice -InstanceID '*USB\VID_154B&PID_00AD\AA520F2080000086*' -A;Use Cases of the Above
The above operations are incredibly useful when you have to rotate USB drives or devices on a schedule, but often times have persons who aren't always able to swap the device or don't have access to log into the system in question and can't safely "Eject".What this does is disable the USB Device (USB Drive in our case) so all read/write operations are stopped, allows the device to be enabled without needing someone to physically reconnect the USB drive by removing and plugging it in again and ensure that no "Disk corruption" errors occur because the device use has been halted.
The above approach fixes the issue of needing to provide someone access to your server console to simply swap a USB drive, as well as allows you to ensure that a USB Drive is enabled and functional to ensure backups can continue.
The Alternative Approach...
This approach is a bit more unforgiving, in that the drive will be ejected with the "Safe to remove" notification which is wonderful, but this approach has ramifications that require remote hands to resolve - namely if no one actually swaps the drive..
$driveEject = New-Object -comObject Shell.Application $driveEject.Namespace(17).ParseName("E:").InvokeVerb("Eject")So what does the above do? It will properly eject the USB Drive which has the Volume letter of "E:" which then will allow the disk to be removed from the system without having to work with Device Manager.
What doesn't this do?
Once a USB drive is ejected either with the above or "Right-click Eject", the only way to connect the device to the system again is to physically pull the device and plug it back in. I've yet to find a way to replicate the connection process that occurs automatically when a USB Drive is connected to a system.
So the alternative approach here should be used with caution as you'll need someone to physically reconnect the drive if its ejected, but not replaced.
-
Scenario and Solution
Combining what we've learned in this chapter we can safely disable a USB Disk Drive, and enable the same drive later on.
Scenario: A drive needs to be swapped for weekly rotation, the customer has four USB drives; Week 1, Week 2, Week 3 and Week 4. Susan the receptionist forgot to swap the drive on Friday at 5PM before leaving for the day; or she doesn't have access to the server to login and eject the disk drive. You need to ensure the drive is cleanly "removed" from the system and second that a drive is available prior to the start of the next backup.
Solution: Create two Scheduled Tasks which run individual PowerShell scripts, one to disable the USB Drive(s) and another to enable the USB Drive(s).
The reasoning behind disabling the drive is to ensure that all data operations are stopped before the device is pulled, preventing potential disk corruption issues.
The reasoning behind enabling the drive is to ensure that if Susan forgets to swap the drive, the device will be enabled and backups won't fail.
Put it all together. . . .
# This will disable these specific USB Device IDs # We're assuming we don't know what device will be attached at any give point so we "disable" all possibilities Disable-PnPDevice -InstanceID 'USB\VID_1B1C&PID_1A06\AA1TD4DI0B5WBKJG' -A; Disable-PnPDevice -InstanceID 'USB\VID_154B&PID_00AD\AA520F2080000086' -A;In another PowerShell script we enable the same USB devices.
# This will enable these specific USB Device IDs # We're assuming we don't know what device will be attached at any give point so we "enable" all possibilities Enable-PnPDevice -InstanceID 'USB\VID_1B1C&PID_1A06\AA1TD4DI0B5WBKJG' -A; Enable-PnPDevice -InstanceID 'USB\VID_154B&PID_00AD\AA520F2080000086' -A;What happens if a device is actually swapped, nothing as the device InstanceID are disabled. So it's critical that the devices be enabled prior to the start of the next backup.
Demo this by disabling any USB drive on your computer, and removing it and replugging it with devmgmt.msc open. The device will remain disabled until you enable it.
The above can then be scheduled to run from Task Scheduler to first, disable any devices after backups should be complete, and secondly, enable any devices after a swap should have occurred.
Challenges: The biggest challenge here is knowing or gathering the InstanceID's of each drive that may be a part of such a rotation, the second challenge is making sure that Susan doesn't swap the drives Earlier or Later than the schedule allows.
Early and the device isn't disabled (possibly causing false alerts), Late and a backup may be running (causing backup failures).
While this doesn't resolve every scenario, it covers many of the cases that can occur and cause possible headaches.
Again it's critical we enable all previously disabled devices as these changes disable automatic mounting
-
-
@irj just reserving the space
-
Not that it’s really all that important - it’s a comment.
“Denable”
-
@gjacobse I was wondering what denable was lol... good eye.
Corrected it
-
@dustinb3403 We have a big problem in this scenario.
On windows server 2012 it doesn't work, what can I do?
-
@zsvendo said in USB Device Managment:
@dustinb3403 We have a big problem in this scenario.
On windows server 2012 it doesn't work, what can I do?
Which part doesn't work? Also if you're not running at least 2012 R2 I don't want to help.
-
@dustinb3403 Windows server 2012 R2 does not have the PnPDevice is a module, so it doesn't work
-
@zsvendo said in USB Device Managment:
@dustinb3403 Windows server 2012 R2 does not have the PnPDevice is a module, so it doesn't work
Okay, so your powershell version needs to be updated, can you run
(Get-Host).Versionto update you'll likely need to update .net as well. -
@dustinb3403 It's not powershell but modules.
I've upgraded to 5.1 but this PnpDevie module option doesn't have for 2012 R2 -
@zsvendo said in USB Device Managment:
@dustinb3403 It's not powershell but modules.
I've upgraded to 5.1 but this PnpDevie module option doesn't have for 2012 R2If 2012 r2 doesn't include it you'll need to use the WMI version.
I don't have the exact process off hand but will take a look.
-
@zsvendo Try the below and adjust the above to work for your environment.
Get-WMIObject -Class Win32_PnPEntity | where {$_.Name -Like "USB*"} | Ft Name, Description, Manufacturer, DeviceIDShould do what's needed based on my testing, granted Windows 10 but this is the legacy approach.
Edited the command to include the DeviceID (not screenshotted) but should work
-
@dustinb3403 This command you sent me worked, I just need to see how to disable USB, you know?
-
@zsvendo said in USB Device Managment:
@dustinb3403 This command you sent me worked, I just need to see how to disable USB, you know?
I don't off hand, its one of the reasons I didn't want to support an older OS. I did have this process sorted out previously as I came across the same issue but scrapped the documentation since it was decided that "it wasn't worth bothering"
-
@dustinb3403 because the servers are licensed I can't change it to a more current one.
But PnpDevice is the best -
@dustinb3403 I even managed to make devcon.exe disable USB
but I wanted with this command you sent
