How to disable AutoPlay and AutoRun in Windows 10

windows autoplay

Vulnerabilities in Windows AutoPlay could compromise your PC’s security. Here’s how to disable it locally and at the Group Policy level.

Need to disable AutoPlay on your Windows 10 machine? Here’s how to do it:

  1. Press the Windows key or click the Windows icon in the lower-left corner of your desktop.
  2. Type in autoplay and click on the AutoPlay Settings option.
  3. From this screen, toggle AutoPlay For All Media And Devices to Off. Also switch AutoPlay defaults for removable drives and memory cards to Take No Action.

Want to disable AutoPlay and AutoRun at the Group Policy level? Here’s how:

  1. Press the Windows key or click the Windows icon in the lower-left corner of your desktop.
  2. Type gpedit and click on the Edit Group Policy option.
  3. Under Computer Configuration, navigate to Administrative Templates > Windows Components > AutoPlay Policies.
  4. Under AutoPlay Policies, click Turn Off AutoPlay.
  5. Toggle the policy to Enabled and set Options to All Drives. Click Apply.
  6. Click on Set The Default Behavior For AutoRun.
  7. Toggle the policy to Enabled and set the default behavior to Do Not Execute Any AutoRun Commands. Click Apply.

A recently revealed flaw in Windows 10 AutoPlay could cause a PC to bluescreen—even when locked—by simply inserting a malicious USB drive.

The reported flaw would require an attacker to have physical access to the victim’s computer, but the analyst who discovered it said it would be an easy jump to create malware capable of remotely triggering the same exploit by mounting a virtual drive.

AutoPlay and AutoRun both make life easier for PC users, but automatic execution of media can be dangerous. If you want to protect your PC, or those on your network, from attacks like this you need to disable AutoPlay and AutoRun in order to be safe. Here’s how to do that both from the Settings app and in Group Policy.

Disabling AutoPlay in Windows 10’s Settings app

The easiest way to find the appropriate item in Windows 10’s Settings app is to simply tap the Windows key or click on the Windows icon in the lower-left corner of the screen. When the Start menu opens just type autoplay and Windows should find the appropriate item (Figure A).

figure-a.jpg

Figure A

Image: Brandon Vigliarolo/TechRepublic

The window that pops up will show the appropriate items you need to toggle (Figure B). Set Use AutoPlay For All Media And Devices to Off and set Removable Drive And Memory Card to Take No Action. That’s it!

figure-b.jpg

Figure B

Image: Brandon Vigliarolo/TechRepublic

Disabling AutoPlay and AutoRun in the Group Policy Editor

For a deeper level of control, and to disable AutoRun as well, you’ll need to turn to the Group Policy Editor. Windows administrators should be able to find the necessary policies by following these same steps but will need to apply them to organizational units in order to make them take effect across their domains.

Start by opening the WIndows Start menu again, but this time type gpedit. When the Group Policy Editor appears in the search results (Figure C), click on it.

figure-c.jpg

Figure C

Image: Brandon Vigliarolo/TechRepublic

In the Group Policy Editor, navigate to the following folders under Computer Configuration: Administrative Templates -> Windows Components -> AutoPlay Policies (Figure D).

figure-d.jpg

Figure D

Image: Brandon Vigliarolo/TechRepublic

It’s important to disable both AutoPlay and AutoRun, as they have different functions: AutoPlay pops up a dialog window prompting a user to do something with inserted media, whereas AutoRun simply looks for an INF file and starts executing it to install software. Both are risky.

First, click on the Turn Off AutoPlay item. On the screen that opens (Figure E) set the item to Enabled. Look for the Options window, which should default to All Drives when you enable the policy. Leave that as-is. Click Apply and the window will close.

figure-e.jpg

Figure E

Image: Brandon Vigliarolo/TechRepublic

Next is to change the Set The Default Behavior For AutoRun item. Click on that and you should see the screen shown in Figure F.

figure-f.jpg

Figure F

Image: Brandon Vigliarolo/TechRepublic

Again, toggle the policy to Enabled and look under Options—It should say Do Not Execute Any AutoRun Commands. If it does, leave it, and if not, choose that option. Click Apply and you’re all set.

At this point, individual users won’t need to take any other actions, but they will need to manually launch CDs and other media inserted into their PCs. That adds a bit of hassle, but it’s nothing compared to having to save a compromised machine or dealing with the fallout from stolen data.

More Windows tips..

Leave a Reply

Your email address will not be published. Required fields are marked *