How to disable AutoRun / AutoPlay in Windows

The purpose of Autorun

The main purpose of Autorun is to provide a software response to hardware actions that you start on a computer. Autorun has the following features:

Double-Click
Contextual Menu
AutoPlay

These features are typically called from removable media or from network shares. During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.

Default Behavior of Autorun and AutoPlay

Default behavior of AutoPlay on Windows XP-based systems

AutoPlay begins reading from a drive as soon as you insert media into the drive. Therefore, the Setup file of programs and the music on audio media start immediately. Before Windows XP SP2, AutoPlay was disabled by default on removable drives, such as the floppy disk drive (but not the CD drive), and on network drives. Starting with Windows XP SP2, AutoPlay is enabled for removable drives. This includes ZIP drives and some USB mass storage devices. If you enable the settings to disable AutoPlay (the procedure to do this is described in this article), you can disable AutoPlay on a CD drive, on removable media drives, on all drives.

Note This setting appears in both the Computer Configuration and User Configuration folders. If the settings conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration.

Default behavior for Autorun

Autorun commands are generally stored in Autorun.inf files. These commands enable applications to start, start installation programs, or start other routines. In versions of Windows that are earlier than Windows Vista, when media that contains an Autorun command is inserted, the system automatically executes the program without requiring user intervention. Because code may be executed without user's knowledge or consent, users may want to disable this feature because of security concerns. The configuration settings that are described in this article give Administrators the ability to selectively or completely disable all Autorun capabilities for systems that run Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 systems.

The default behavior in Windows Vista and Windows Server 2008 is to prompt the user whether an Autorun command is to be run. Changes to these settings are described later in this article. An Administrator can completely disable Autorun commands or revert to the pre-Windows Vista behavior of automatically executing the Autorun command. If the feature is configured to disable Autorun capabilities, or if this policy is not configured, Windows Vista and Windows Server 2008 will continue to prompt the user whether the Autorun command is to be run.

Prerequisites to disable Autorun capabilities

To disable Autorun capabilities, you must install the following updates:

Update for Windows XP (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=c7dbcde3-7814-47c5-849e-e64ecfb35d74

Update for Windows Server 2003 for Itanium-based Systems (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=99423caf-b52b-4ebc-b80c-94ee1ef9f66b

Update for Windows Server 2003 x64 Edition (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=7b866fb7-9bb7-4fce-b395-d0a4ee38a115

Update for Windows Server 2003 (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=32b845ac-7681-468c-812b-2dcebdae9b40 

Update for Windows XP x64 Edition (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=ca802f38-0566-4ac4-8808-6515623c35c5

Update for Windows 2000 (KB967715)
http://www.microsoft.com/downloads/details.aspx?FamilyID=3c6039f1-d84d-4294-8457-35aa8b4dcab8 )

Windows Vista-based and Windows Server 2008-based systems must have update 950582 (Security bulletin MS08-038 installed to take advantage of the registry key settings that disable Autorun.

After the prerequisites are installed, follow these steps to disable Autorun.

How to use Group Policy settings to disable all Autorun features in Windows Server 2008 or Windows Vista
Use either of the following methods:

Method 1

Click StartCollapse this imageExpand this image, type Gpedit.msc in the Start Search box, and then press ENTER.

Collapse this imageExpand this imageIf you are prompted for an administrator password or for confirmation, type the password, or click Allow.

Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.

In the Details pane, double-click Turn off Autoplay.

Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.

Restart the computer.

Method 2

Click StartCollapse this imageExpand this image, type Gpedit.msc in the Start Search box, and then press ENTER.

Collapse this imageExpand this imageIf you are prompted for an administrator password or for confirmation, type the password, or click Allow.

Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.

In the Details pane, double-click Default Behavior for AutoRun.

Click Enabled, and then select Do not execute any autorun commands in the Default Autorun behavior box to disable Autorun on all drives.

Restart the computer.

How to use Group Policy settings to disable all Autorun features in Windows Server 2003, Windows XP Professional, and Windows 2000

Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.

Under Computer Configuration, expand Administrative Templates, and then click System.

In the Settings pane, right-click Turn off Autoplay, and then click Properties.

Note In Windows 2000, the policy setting is named Disable Autoplay.

Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.

Click OK to close the Turn off Autoplay Properties dialog box.

Restart the computer.

How to disable or enable all Autorun features in Windows 7 and other operating systems

Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003,or Windows XP

Let me fix it myself

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To disable Autorun yourself on operating systems that do not include Gpedit.msc, follow these steps:

Click Start, click Run, type regedit in the Open box, and then click OK.

Locate and then click the following entry in the registry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun

Right-click NoDriveTypeAutoRun, and then click Modify.

In the Value data box, type 0xFF to disable all types of drives. Or, to selectively disable specific drives, use a different value as described in the "How to selectively disable specific Autorun features" section.

Click OK, and then exit Registry Editor.

Restart the computer.

How to selectively disable specific Autorun features

To selectively disable specific Autorun features, you must change the NoDriveTypeAutoRun entry in one of the following registry key subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\

The following table shows the settings for the NoDriveTypeAutoRun registry entry. Collapse this tableExpand this tableValue Meaning

0x1 or 0x80 Disables AutoRun on drives of unknown type

0x4 Disables AutoRun on removable drives

0x8 Disables AutoRun on fixed drives

0x10 Disables AutoRun on network drives

0x20 Disables AutoRun on CD-ROM drives

0x40 Disables AutoRun on RAM disks

0xFF Disables AutoRun on all kinds of drives

The value of the NoDriveTypeAutoRun registry entry determines which drive or drives the Autorun functionality will be disabled for. For example, if you want to disable Autorun for network drives only, you must set the value of NoDriveTypeAutoRun registry entry to 0x10.

If you want to disable Autorun for multiple drives, you must add the corresponding hexadecimal values to the 0x10 value. For example, if you want to disable Autorun for removable drives and for network drives, you must add 0x4 and 0x10, which is the mathematical addition of 2 hexadecimal values, to determine the value to use. 0x4 + 0x10 = 0x14. Therefore, in this example, you would set the value of the NoDriveTypeAutoRun entry to 0x14.

The default value for the NoDriveTypeAutoRun registry entry varies for different Windows-based operating systems. These default values are listed in the following table. Collapse this tableExpand this tableOperating system Default value

Windows Server 2008 and Windows Vista 0x91

Windows Server 2003 0x95

Windows XP 0x91

Windows 2000 0x95

Registry entry that is used to control the behavior of the current update

All the fixes in the current update for Windows XP and for Windows Server 2003 are included in the HonorAutorunSetting registry entry in the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\

Registry ValueCollapse this tableExpand this tableValue Data type Range Default value

HonorAutorunSetting REG_DWORD 0x0–0xFF 0x01

Note For Windows Server 2003 and Windows XP, all changes of this update are controlled by the HonorAutorunSetting registry entry so that you can revert to the previous configuration if it is required. This entry is not valid for Windows 2000, Windows Vista, or Windows Server 2008 users.

When you install update 967715, the HonorAutorunSetting registry key is created only in the HKEY_LOCAL_MACHINE registry hive. The registry key has a default value of 0x1. This value enables the functionality that is present in the current update. Before you install the current update, this registry key is not present in the system. You can obtain prepackage installation Autorun behavior by manually setting the registry key to 0. To do this, type 0 instead of 1 in step 6 of the following procedures to manually set the registry key. HonorAutorunSetting is always read from the HKEY_LOCAL_MACHINE registry hive even if the HonorAutorunSetting entry is also configured in the HKEY_CURRENT_USER registry hive.

enjoy!!!!