Site srightt.com

Disable Autorun Completely: Secure Your PC from Auto-Executing Threats

Written by

admin-dfv33

in

Disable Autorun Completely in Minutes: Easy Settings and PowerShell Commands

What this covers

  • Quick steps in Windows Settings and Group Policy to stop devices and media from auto-executing.
  • Registry edits for versions without Group Policy Editor.
  • PowerShell commands to enforce autorun disablement and verify settings.
  • Notes on security trade-offs and testing.

Quick steps (Settings & Local Group Policy)

  1. Settings (Windows ⁄11):

    • Open Settings > Devices > AutoPlay.
    • Turn Use AutoPlay for all media and devices to Off.

  2. Local Group Policy (Pro/Education/Enterprise):

    • Run gpedit.msc.
    • Navigate: Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies.
    • Enable Turn off AutoPlay and set Turn off AutoPlay on: to All drives.
    • Also enable Disallow Autoplay for non-volume devices if present.
    • Run gpupdate /force to apply.

Registry (Home editions)

  • Open Registry Editor (regedit) and set:
    • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
      • Create/modify DWORD NoDriveTypeAutoRun = 0xFF (255) to disable on all drives.
    • Key: HKEY_LOCALMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
      • Create/modify DWORD NoViewOnDrive as needed for hiding (optional).
  • Reboot or sign out to apply.

PowerShell commands

  • Disable AutoPlay via registry (run as Administrator):
powershell
Set-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” -Name “NoDriveTypeAutoRun” -Value 255 -Type DWord
  • For Group Policy registry-based change:
powershell
New-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer” -Name “NoDriveTypeAutoRun” -PropertyType DWord -Value 255 -Force
  • Verify current value:
powershell
Get-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer” -Name “NoDriveTypeAutoRun”
  • Apply Group Policy refresh:
powershell
gpupdate /force

Verification

  • Insert removable media with an autorun.inf; nothing should launch and no autoplay prompt appears.
  • Check Event Viewer for related entries if unexpected behavior occurs.

Security notes

  • Disabling autorun prevents many USB/CD-based malware vectors but does not replace antivirus, safe browsing, or endpoint protections.
  • Be cautious changing the registry; back it up before edits.

If you want, I can generate a one-click PowerShell script that applies these changes and backs up the registry first.

Comments

Leave a Reply

More posts