Thread: Access to drive only with USB stick

  1. #1
    Registered User
    Join Date
    Feb 2009
    Posts
    93

    Access to drive only with USB stick

    Hi,

    Id like to setup my computer so access is only allowed to certain drives / folders when a USB stick is plugged in containing a special file.

    Im guessing there would need to be two files. One on the computer and one on the stick. When there is a communication access is allowed as normal, when there isnt communication then it denies access.

    I dont have a good knowledge of C programming at the moment, but can you please tell me if this is possible first before I begin trying to work it out.

  2. #2
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Registered User
    Join Date
    Feb 2009
    Posts
    93
    Thank you for posting a link to my other thread, but Im not quite sure what your point is. Is there a rule against posting on multiple forums? Im just trying to get a varied opinion before I embark on this project. If im going against the rules then I apologise.

  4. #4
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    How do you plan on restricting access to the drives or folders in the first place?
    bit∙hub [bit-huhb] n. A source and destination for information.

  5. #5
    Registered User
    Join Date
    Feb 2009
    Posts
    93
    Hi,

    This is something I would appreciate your insight on. I know its possible as I used to own a finger print scanner that would achieve something similar, and I believe there are other programs like folder lock which also restrict access to folders depending on wether or not a password as been entered in the folder lock program.

  6. #6
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    > Thank you for posting a link to my other thread, but Im not quite sure what your point is.
    Read this (when it's back, seems to be offline ATM)
    That somehow you consider your post to be more important than everyone else's (it isn't).
    That you don't care whether people read the same thing over and over again (this really ........es people off after they've seen it 000's of times).
    That you consider the problem to be urgent, and you're attempting to grab as wide an audience as possible in the hope of a quick reply.
    That you haven't considered the possibility of which might be the best forum, and just broadcast anyway.

    So rather than me spending my time helping someone else, I've now had to spend it telling you about netiquette instead.

    I mean, the Ask Smart Questions link is in read before posting (here) AND read before posting (there) as well. Bit of a screw-up to miss BOTH of them isn't it?

    Cross-posting is fine, if you post on one forum and don't get anywhere, then by all means try another one. But concurrent broadcast is just plain rude.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  7. #7
    Registered User
    Join Date
    Feb 2009
    Posts
    93
    I personally dont think its rude to ask for help on multiple forums, I was just hoping to catch a wider audience to raise the possibility of getting a little insight, not bombard users with a question.

    Obviously im not here to argue, if users have a problem with my message being posting on more than one forum for help then I appologise, however if they dont then I still welcome any insight that they are willing to share with me.

  8. #8
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195
    Quote Originally Posted by spadez View Post
    I personally dont think its rude to ask for help on multiple forums,.
    Most rude people don't realize they are rude, thats why they continue to be rude.

  9. #9
    Registered User
    Join Date
    Sep 2001
    Posts
    4,912
    I dont have a good knowledge of C programming at the moment, but can you please tell me if this is possible first before I begin trying to work it out.
    I found it pretty unclear what you intend to do, but if I understand you correctly you're going to have make some pretty low-level changes to the OS. You would need a REALLY good knowledge of the target OS (not to mention C) if you were to accomplish all that. Windows allows you to restrict things based on users (and even then - I don't know that it can be done easily through your own program - that's a security issue), but adjusting privileges based on a file on a USB stick is some very custom functionality I haven't heard of before.

    And yes, cross-posting is rude when it's done without waiting for a reply from at least one place first.

  10. #10
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    I found it pretty unclear what you intend to do, but if I understand you correctly you're going to have make some pretty low-level changes to the OS.
    Well, not necessarily. I believe Windows can encrypt files and folders, so there's probably a good chance this functionality is exposed through the Win32 API. I don't know if this encryption would suit the OP's needs though.

    EDIT: This looks like a pretty good example.
    bit∙hub [bit-huhb] n. A source and destination for information.

  11. #11
    Registered User
    Join Date
    Feb 2009
    Posts
    93
    Im sorry if I was rude. To clarify, I'm trying to create and use a program to allow or disallow access to a certain folder.

    I'm wondering how this might be achieved.

    Edit: thank you for the reply. I'll look into the link. Is there a way to do this by modifying access permissions rather than encryption to save performance.
    Last edited by spadez; 08-17-2009 at 02:43 PM.

  12. #12
    Registered User
    Join Date
    Sep 2001
    Posts
    4,912
    Well you need to 1) detect when there's a new device, 2) scan that device for your file, and then depending on the results, 3) restrict access to those folders.

    The only part of this that is simple, standard C is the part of #2 where you're actually reading the contents of the files. Detecting the device, traversing directories and getting file lists on the device and restricting access are going to be a lot more complex than the programs I've seen you attempt before. You'll need to learn a lot about the Win API. Here's some sample code about detecting a new USB device: IP Banned

  13. #13
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Is there a way to do this by modifying access permissions rather than encryption to save performance.
    I would think this would only be feasible if the computer was not logged in with an account that has administrator privileges (which is rare in the Windows world).
    bit∙hub [bit-huhb] n. A source and destination for information.

  14. #14
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Well you need to 1) detect when there's a new device, 2) scan that device for your file, and then depending on the results, 3) restrict access to those folders.
    I think there's an easier way of doing this that doesn't rely on device detection.

    Simply have your application run in a loop where every 10 seconds (or some configurable time), it does the following:
    1. Calls GetLogicalDrives() to get a list of all drives.
    2. For each drive, check a hard-coded path for your file: [Drive Letter]:\security_file.awesome
    3. If file exists, open it up and verify it is has the contents you expect
    4. Decrypt (or change permissions) based on the results of steps 1-3.
    bit∙hub [bit-huhb] n. A source and destination for information.

  15. #15
    Registered User
    Join Date
    Feb 2009
    Posts
    93
    Hi.

    Thank you all for the replies. This is a bit of a labour of love, I understand that it is above my current knowledge of c programming, and I will therefore be enlisting some additional help, but id like to get the project on the right direction before I do this. Once I get a working program ill release the code so others can tinker about with it.

    I think I will need to investigate the two methods of detection a little more. The loops sounds like it would be easier to program but since Sean has found some existing model code for drive detection it might be better to work with this. I think I prefer that method since it saves looping and means the user cant access the files before the loop re-initialises if the drive is pulled out.

    The main problem im left with is the method to restrict access to the files. Here are the options ive found on the internet:

    1. Change folder permissions by registry edit (however im not sure if this would need a restart to take effect)
    2. Change folder permissions by batch script (Its possible apparently)
    3. Encrypt and decrypt contents (Its around 250GB of files and id rather not lose the performance by decrypting the files on the fly before they are accessed)
    4. Utilise windows BitLocker technology and use the program to trigger it on and off
    Last edited by spadez; 08-18-2009 at 02:39 AM.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Extracting data from a laptop hard drive
    By DavidP in forum Tech Board
    Replies: 6
    Last Post: 06-13-2009, 07:02 AM
  2. Booting through USB sticks
    By kris.c in forum Tech Board
    Replies: 5
    Last Post: 05-27-2007, 01:55 AM
  3. Sounds and Audio Decoding/ Drive Access
    By coldfusion244 in forum Windows Programming
    Replies: 4
    Last Post: 03-03-2005, 02:50 PM
  4. Frequent hard drive access question
    By Xzyx987X in forum Windows Programming
    Replies: 2
    Last Post: 04-27-2004, 10:47 PM
  5. changing drive letter gaining access to a network
    By zornedge in forum A Brief History of Cprogramming.com
    Replies: 2
    Last Post: 11-29-2001, 10:57 AM