I saw that this was supported by worklets in a cyber essentials Automox PDF, however, I can’t seem to find the worklet that it is describing.
Does this already exist?
Solved
Worklet to Disable any auto-run feature which allows files execution without user authorisation
Best answer by JohnG-Automox
Hi
Just an FYI here, this worklet is now published in the Worklet Catalog for your use!
It can be found with the name Windows - Configuration - Disable AutoRun
Have a great weekend!
Hi
Here is a worklet that you can use for disabling AutoRun on a device.
Evaluation Code:
<#
.SYNOPSIS
Windows - Configuration - Disable AutoRun
.DESCRIPTION
This worklet disables the AutoRun feature on a Windows device.
It will prevent programs from automatically running from an external drive when it is attached to a computer.
Because malware can exploit AutoRun, disabling it is recommended.
.NOTES
Author: John Guarracino
Date: May 10, 2023
.USAGE
Optional: The $regValue variable can be changed to block a specific drive type.
The following values are acceptable:
# '1' Disables AutoRun on drives of unknown type
# '4' Disables AutoRun on removable drives
# '8' Disables AutoRun on fixed drives
# '10' Disables AutoRun on network drives
# '20' Disables AutoRun on CD-ROM drives
# '40' Disables AutoRun on RAM disks
# '255' Disables AutoRun on all kinds of drives
The default value is '255' or disable AutoRun on ALL drive types.
#>
#Change to the desired value
$regValue = '255'
#Predefined variables
$regPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$regName = 'NoDriveTypeAutoRun'
$exists = (Get-ItemProperty -Path "$regPath" -Name "$regName" -ErrorAction SilentlyContinue).$regName
if ($exists -eq $regValue)
{
Write-Output "AutoRun is already disabled. Now exiting."
Exit 0
}
else
{
Write-Output "The device is not compliant. Flagging for remediation."
Exit 1
}
Remediation Code:
<#
.SYNOPSIS
Windows - Configuration - Disable AutoRun
.DESCRIPTION
This worklet disables the AutoRun feature on a Windows device.
It will prevent programs from automatically running from an external drive when it is attached to a computer.
Because malware can exploit AutoRun, disabling it is recommended.
.NOTES
Author: John Guarracino
Date: May 10, 2023
.USAGE
Optional: The $regValue variable can be changed to block a specific drive type.
The following values are acceptable:
# '1' Disables AutoRun on drives of unknown type
# '4' Disables AutoRun on removable drives
# '8' Disables AutoRun on fixed drives
# '10' Disables AutoRun on network drives
# '20' Disables AutoRun on CD-ROM drives
# '40' Disables AutoRun on RAM disks
# '255' Disables AutoRun on all kinds of drives
The default value is '255' or disable AutoRun on ALL drive types.
#>
#Change to the desired value
$regValue = '255'
#Predefined variables
$regPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$regName = 'NoDriveTypeAutoRun'
$exists = (Get-ItemProperty -Path "$regPath" -Name "$regName" -ErrorAction SilentlyContinue).$regName
if ($exists -eq $regValue)
{
Write-Output "AutoRun is already disabled. Now exiting."
Exit 0
}
else
{
try
{
New-ItemProperty -Path $regPath -Name $regName -Value $regValue -Type Dword
Write-Output "AutoRun has been disabled."
Exit 0
}
catch
{
Write-Output "An error has occured:"
$Exception = $error[0].Exception.Message + "`nAt Line " + $error[0].InvocationInfo.ScriptLineNumber
Write-Output $Exception
Exit 1
}
}
This worklet will be published in the Worklet Catalog later today for ease of use, but until then, feel free to try and test out the code.
Let me know if you have any questions.
Have a great day!
Hi
Just an FYI here, this worklet is now published in the Worklet Catalog for your use!
It can be found with the name Windows - Configuration - Disable AutoRun
Have a great weekend!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.