Help Center
Log in
Log in

How can we help?

Common topics:

AI, Tickets, Agents
Help Center
In this Article:

    Related articles

    1. Atera Support
    2. Library
    3. RMM
    4. Scripts

    Script for checking USB connection to devices

    Dragos Gabriel Tulbure

    This article will detail how to make and apply the script to check for USB flash drives connected to devices.

     

    1. Open Notepad and paste this script

    $usb_size = @{ Name = 'Size';Expression = { [Math]::Round( ($_.Size/1073741824), 2) } }
    $usb_drives = Get-Disk | Where-Object -FilterScript { $_.Bustype -Eq "USB"} | FL -Property Model,SerialNumber,$usb_size | Out-String

    IF (!($usb_drives -ieq $null)){
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("X-API-KEY", 'YOUR_API_KEY_HERE')

    $Dguid = (Invoke-RestMethod "https://app.atera.com/api/v3/agents/machine/$ENV:COMPUTERNAME" -Headers $headers).Items.DeviceGuid
    $Cid = (Invoke-RestMethod "https://app.atera.com/api/v3/agents/machine/$ENV:COMPUTERNAME" -Headers $headers).Items.CustomerID

    $Body = @{
        DeviceGuid = $Dguid
        CustomerID = $Cid
        Title = "USB Drives - $(Get-Date -Format g)"
        MessageTemplate = "$usb_drives GB"
        Severity = "Information" 
        AlertCategoryID = "General" 
        Code = 1
    }

    Invoke-RestMethod -Method Post 'https://app.atera.com/api/v3/alerts' -Headers $headers -Body $Body
    }
    exit

     

    2. In the Atera Dashboard, select Admin (on the side panel), then click on API.

     

    Click the view and copy buttons to copy the API key.

    • Paste this API key where it says YOUR_API_KEY_HERE within the quotes. 
    • Save your script with the suffix .PS1

     

    Set up your PC to Run the Script

    1. In your PC's start menu, open the Event Viewer.

    2. Navigate to Applications and Service Logs > Microsoft > Windows > DriverFrameworks-UserMode and click to view Operational.

    driverframeworks.PNG

    3. Click Enable Log. This will start the logging whenever somebody puts a USB flash drive into the PC.

    Now that logging is enabled you will need to create a Scheduled Task to run the script every time that the event is created.

    1. In your PC's start menu, open the Task Scheduler.

    2. Click on the Task Scheduler Library and select Create Task on the right side.

    3. Fill out the General tab with the name of this new task.

    createtask.PNG

     

    4. Click the Triggers tab. Click New. And in the drop-down list Begin the Task, select On an Event, and choose Custom.

    newtrigger.PNG

     

    5. Click New Event Filter.

    6. Have Logged set to Any Time. Click By Log and navigate to Microsoft-Windows-DriverFrameworks-UserMode/Operational.  In the ID field, add 1003.

    neweventfilter.PNG

     

    7. Click OK in both the Triggers and the General tabs.

    8. Next, click on the Actions tab. Click New. In the program field, type Powershell.exe. In the Add Arguments box, add 

    -windowstyle hidden 'C:\Scripts\USB_Alert.ps1 with the location of your script.

    newaction.PNG

     

    9. Enter any Conditions and Settings that you require and click OK to create the Scheduled Task.

     

    Verify the Script

    1. Insert a USB drive into the computer.

    2. Navigate to that device in the Atera Portal.

    3. You will see an alert every time a USB drive is inserted.
    alertusbdrive.jpeg

     

     

    Copyright © Atera Networks Ltd.2023

    apple store app google play app

    AICPA SOC for Service Organizations and ISO 27001 certified