(Microsoft) The purpose of Autorun
The main purpose of Autorun is to provide a software response to hardware actions that you start on a computer. Autorun has the following features:
- Double-Click
- Contextual Menu
- AutoPlay
These features are typically called from removable media or from network shares. During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.
Back to the topUser experience
You may notice a change in user experience for the drives for which Autorun is disabled. The double-click and right-click shortcut menu functionality might be different because the Autorun.inf file is no longer read.
Prerequisites to disable Autorun capabilities
To disable Autorun capabilities, you must install the following updates:
- Update for Windows XP (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=c7dbcde3-7814-47c5-849e-e64ecfb35d74 ( http://www.microsoft.com/downloads/details.aspx?FamilyID=c7dbcde3-7814-47c5-849e-e64ecfb35d74)
- Update for Windows Server 2003 for Itanium-based Systems (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=99423caf-b52b-4ebc-b80c-94ee1ef9f66b ( http://www.microsoft.com/downloads/details.aspx?FamilyID=99423caf-b52b-4ebc-b80c-94ee1ef9f66b)
- Update for Windows Server 2003 x64 Edition (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=7b866fb7-9bb7-4fce-b395-d0a4ee38a115 ( http://www.microsoft.com/downloads/details.aspx?FamilyID=7b866fb7-9bb7-4fce-b395-d0a4ee38a115)
- Update for Windows Server 2003 (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=32b845ac-7681-468c-812b-2dcebdae9b40 ( http://www.microsoft.com/downloads/details.aspx?FamilyID=32b845ac-7681-468c-812b-2dcebdae9b40)
- Update for Windows XP x64 Edition (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=ca802f38-0566-4ac4-8808-6515623c35c5 ( http://www.microsoft.com/downloads/details.aspx?FamilyID=ca802f38-0566-4ac4-8808-6515623c35c5)
- Update for Windows 2000 (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=3c6039f1-d84d-4294-8457-35aa8b4dcab8 ( http://www.microsoft.com/downloads/details.aspx?FamilyID=3c6039f1-d84d-4294-8457-35aa8b4dcab8)
As soon as the prerequisites are installed, follow these steps to disable Autorun.
How to use Group Policy settings to disable all Autorun features
Windows Server 2008 or Windows Vista
Note Windows Vista-based and Windows Server 2008-based systems must have update 950582 (Security bulletin MS08-038 ( http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx) ) installed to take advantage of the registry key settings that disable Autorun.
- Click Start
Collapse this image
, type Gpedit.msc in the Start Search box, and then press ENTER.
Collapse this image
If you are prompted for an administrator password or for confirmation, type the password, or click Allow.
- Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
- In the Details pane, double-click Turn off Autoplay.
- Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
- Restart the computer.
Windows Server 2003, Windows XP, and Windows 2000
- Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.
- Under Computer Configuration, expand Administrative Templates, and then click System.
- In the Settings pane, right-click Turn off Autoplay, and then click Properties.Note In Windows 2000, the policy setting is named Disable Autoplay.
- Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
- Click OK to close the Turn off Autoplay Properties dialog box.
- Restart the computer.
How to selectively disable specific Autorun features
To selectively disable specific Autorun features, you must modify the NoDriveTypeAutoRun value under the following registry key subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
How you modify this subkey depends on the Autorun feature that you want to disable. For more information about Autorun registry key values, visit the following Microsoft TechNet Web page:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx?mfr=true ( http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx?mfr=true)
Autorun is also known as AutoPlay. The following table shows the settings for the NoDriveTypeAutoRun registry value.
Collapse this table
| Value | Meaning |
| 0x1 | Disables AutoPlay on drives of unknown type |
| 0x4 | Disables AutoPlay on removable drives |
| 0x8 | Disables AutoPlay on fixed drives |
| 0x10 | Disables AutoPlay on network drives |
| 0x20 | Disables AutoPlay on CD-ROM drives |
| 0x40 | Disables AutoPlay on RAM disks |
| 0x80 | Disables AutoPlay on drives of unknown type |
| 0xFF | Disables AutoPlay on all kinds of drives |
The default value for NoDriveTypeAutoRun varies for different Windows-based operating systems. These default values are listed in the following table.
Collapse this table
| Operating system | Default value |
|---|---|
| Windows Server 2008 and Windows Vista | 0x91 |
| Windows Server 2003 | 0x95 |
| Windows XP | 0x91 |
| Windows 2000 | 0x95 |
Registry key that is used to control the behavior of the current update
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
All the fixes in the current update for Windows XP and for Windows Server 2003 are included in the following two registry subkeys.
Note Changes are controlled by using this subkey so that you can revert to the previous configuration if it is required. Windows 2000 and Windows Vista do not use this registry subkey.
HonorAutorunSetting registry subkey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\
Registry Value
Collapse this table
| Value | Data type | Range | Default value |
| HonorAutorunSetting | REG_DWORD | 0x0–0xFF | 0x01 |
When you install update 967715, the HonorAutorunSetting registry key is created only in the HKEY_LOCAL_MACHINE registry hive. The registry key has a default value of 0x1. This value enables the functionality that is present in the current update. Before you install the current update, this registry key is not present in the system. You can obtain prepackage installation Autorun behavior by manually setting the registry key to 0. (To do this, type 0 instead of 1 in step 6 of the following procedures to manually set the registry key.) HonorAutorunSetting is always read from the HKEY_LOCAL_MACHINE registry hive even if the HonorAutorunSetting entry is also configured in the HKEY_CURRENT_USER registry hive.
How to set the HonorAutorunSetting registry key manually
Windows Server 2003 and Windows XP
- Click Start, and then click Run.
- In the Open box, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\
- Right-click in the right side pane, point to New, and then click DWORD Value.
- Type HonorAutorunSetting, and then press ENTER.
- In the Value data box, type 1, click Hexadecimal if it is not already selected, and then click OK.
- Exit Registry Editor.
- Restart the system for the new settings to take effect.
Link tham khao: http://support.microsoft.com/kb/967715
