Customising actions on USB using USBDLM

There are many problems with USB in Windows. One being that every time you insert a drive it can have almost any drive letter, another running something automatically from the drive. Will discuss the second first:

Microsoft had Autorun for many years, since Windows 95, but they have had to nerf the hell out of it to stop the prevalence of virus’s and Trojan’s propagating using sneaker-net. A clever chap by the name of Uwe Sieber ( has come to the rescue with USBDLM (USB Drive Letter Manager).

USBDLM is a Windows service that gives control over Windows’ drive letter assignment for USB drives. Running as service makes it independent of the logged on user’s privileges, so there is no need to give the users the privilege to change drive letters.
It automatically solves conflicts between USB drives and network or subst drives of the currently logged on user.
Furthermore you can define new default letters for USB drives and much more.

On my flash drive I have a TrueCrypt install with a 4GB container for my documents and wanted it to mount automagically whenever that drive is inserted into one of my computers. One of the features of USBDLM is to execute a command when a specific device is attached.

First things first, go fetch USBDLM ZIP file from and unzip to a folder. I recommend using C:Tools for this sort of stuff, makes backups easier. Once unzipped run the _install.cmd file as Administrator, if you are not logged on as an Administrator use the RunAs Administrator option in the context menu. To get started rename the USBDLM_sample.INI to USBDLM.INI, this file is read every time a device is inserted so no need to restart the service while testing.

To have the “Autorun” mount a TrueCrypt you will need a section like this one

open=”%drive%TrueCryptTrueCrypt.exe” /q /v %drive%MyTrueCryptFile.TC /letter N

To open an item on the drive you need to create an [OnArrival] section.
The DeviceID can be determined using the included ListUsbDrives_To_Notepad.cmd which will open a text file through which you can find the USB DevID for the USB device your Truecrypt file is on.
The FileExists portion is optional, use this to first check the file is actually on the device. The %drive% is a placeholder for whatever drive letter the USB device is mounted as.
The open portion is where you will put the command line to open whatever you want, here it is a TrueCrypt file.

Once my TrueCrypt container is mounted another OnArrival section opens my KeePass database. A really useful feature when you have applications automatically running is the OnRemovalRequest section which can then run the commands to un-mount the TrueCrypt volume after closing my KeePass database.

Another very useful feature of USBDLM is the initial purpose behind the service, the ability to enforce the assignment of USB drives to specific drive letters. This is done thusly



This is far simpler, [DriverLetters] defines what letters are available to be assigned to USB drives.

[DriveLetters10] is a bit more complex, a very small bit. Using this example it will assign the drive letter A whenever the device with DeviceIS1 is attached.

There are lots of additional things you can do, all well documented in the help file included with the download.

Create an USB key to lock and unlock Windows 7 to enhance security via The Customize Windows Blog


It is possible to lock down  with a USB key, so that no one can start  without having this USB pen drive or thumb drive. The principle of this tutorial stands on the database security accounts manager (SAM Security Accounts Manager). This database Data is encrypted with a key system and stored locally.

You can use the utility SysKey to further secure the SAM database by storing the encryption key for this database outside of the computer.

If you store this database on a USB key at every system startup, Windows will ask you to insert the USB key, and without this key can not boot into Windows 7.

Read more: Create an USB key to lock and unlock Windows 7 to enhance security