USB Device Managment

DustinB3403

Scenario and Solution

Combining what we've learned in this chapter we can safely disable a USB Disk Drive, and enable the same drive later on.

Scenario: A drive needs to be swapped for weekly rotation, the customer has four USB drives; Week 1, Week 2, Week 3 and Week 4. Susan the receptionist forgot to swap the drive on Friday at 5PM before leaving for the day; or she doesn't have access to the server to login and eject the disk drive. You need to ensure the drive is cleanly "removed" from the system and second that a drive is available prior to the start of the next backup.

Solution: Create two Scheduled Tasks which run individual PowerShell scripts, one to disable the USB Drive(s) and another to enable the USB Drive(s).

The reasoning behind disabling the drive is to ensure that all data operations are stopped before the device is pulled, preventing potential disk corruption issues.

The reasoning behind enabling the drive is to ensure that if Susan forgets to swap the drive, the device will be enabled and backups won't fail.

Put it all together. . . .

# This will disable these specific USB Device IDs
# We're assuming we don't know what device will be attached at any give point so we "disable" all possibilities
Disable-PnPDevice -InstanceID 'USB\VID_1B1C&PID_1A06\AA1TD4DI0B5WBKJG' -A;
Disable-PnPDevice -InstanceID 'USB\VID_154B&PID_00AD\AA520F2080000086' -A;

In another PowerShell script we enable the same USB devices.

# This will enable these specific USB Device IDs
# We're assuming we don't know what device will be attached at any give point so we "enable" all possibilities
Enable-PnPDevice -InstanceID 'USB\VID_1B1C&PID_1A06\AA1TD4DI0B5WBKJG' -A;
Enable-PnPDevice -InstanceID 'USB\VID_154B&PID_00AD\AA520F2080000086' -A;

What happens if a device is actually swapped, nothing as the device InstanceID are disabled. So it's critical that the devices be enabled prior to the start of the next backup.

Demo this by disabling any USB drive on your computer, and removing it and replugging it with devmgmt.msc open. The device will remain disabled until you enable it.

The above can then be scheduled to run from Task Scheduler to first, disable any devices after backups should be complete, and secondly, enable any devices after a swap should have occurred.

Challenges: The biggest challenge here is knowing or gathering the InstanceID's of each drive that may be a part of such a rotation, the second challenge is making sure that Susan doesn't swap the drives Earlier or Later than the schedule allows.

Early and the device isn't disabled (possibly causing false alerts), Late and a backup may be running (causing backup failures).

While this doesn't resolve every scenario, it covers many of the cases that can occur and cause possible headaches.

Again it's critical we enable all previously disabled devices as these changes disable automatic mounting

IRJ

@dustinb3403 said in USB Device Managment:

res

Everything ok?

DustinB3403

@irj just reserving the space

gjacobse

Not that it’s really all that important - it’s a comment.

“Denable”

DustinB3403

@gjacobse I was wondering what denable was lol... good eye.

Corrected it

zsvendo

@dustinb3403 We have a big problem in this scenario.

On windows server 2012 it doesn't work, what can I do?

DustinB3403

@zsvendo said in USB Device Managment:

@dustinb3403 We have a big problem in this scenario.

On windows server 2012 it doesn't work, what can I do?

Which part doesn't work? Also if you're not running at least 2012 R2 I don't want to help.

zsvendo

@dustinb3403 Windows server 2012 R2 does not have the PnPDevice is a module, so it doesn't work

DustinB3403

@zsvendo said in USB Device Managment:

@dustinb3403 Windows server 2012 R2 does not have the PnPDevice is a module, so it doesn't work

Okay, so your powershell version needs to be updated, can you run (Get-Host).Version to update you'll likely need to update .net as well.

zsvendo

@dustinb3403 It's not powershell but modules.
I've upgraded to 5.1 but this PnpDevie module option doesn't have for 2012 R2

DustinB3403

@zsvendo said in USB Device Managment:

@dustinb3403 It's not powershell but modules.
I've upgraded to 5.1 but this PnpDevie module option doesn't have for 2012 R2

If 2012 r2 doesn't include it you'll need to use the WMI version.

I don't have the exact process off hand but will take a look.

DustinB3403

@zsvendo Try the below and adjust the above to work for your environment.

Get-WMIObject -Class Win32_PnPEntity | where {$_.Name -Like "USB*"} | Ft Name, Description, Manufacturer, DeviceID

Should do what's needed based on my testing, granted Windows 10 but this is the legacy approach.

Edited the command to include the DeviceID (not screenshotted) but should work

zsvendo

@dustinb3403 This command you sent me worked, I just need to see how to disable USB, you know?

DustinB3403

@zsvendo said in USB Device Managment:

@dustinb3403 This command you sent me worked, I just need to see how to disable USB, you know?

I don't off hand, its one of the reasons I didn't want to support an older OS. I did have this process sorted out previously as I came across the same issue but scrapped the documentation since it was decided that "it wasn't worth bothering"

zsvendo

@dustinb3403 because the servers are licensed I can't change it to a more current one.
But PnpDevice is the best

zsvendo

@dustinb3403 I even managed to make devcon.exe disable USB
but I wanted with this command you sent