I have to perform a user information security awareness audit. One of the things is to determine if user's plug in a USB device or not.
My first ideal was to have it run a auto run program that has a bat file that records, their username, pc name, and date/time into a txt log file.
Determining that this was a no go, I have decided to maybe try to run the bat file when the pc determines when the drive is plugged in?
Is there any other options?
My reputation isn't yet high enough to post this as a comment, but you should probably rewrite your question to be more specific. Is this for one computer? Or for a whole network? Is this for Windows? If so which version(s)? Linux? What Version(s)? OS X? What Versions?
Based on these, the answer can vary widely.
That being said, I'm going to attempt to point you in the right direction, as this is an "answer." I assume Windows because you mention bat files, and therefore I think that this answer on superuser can be applied to your situation https://superuser.com/questions/219401/starting-scheduled-task-by-detecting-connection-of-usb-device
There are many comments regarding any USB drive that can help your situation, but the idea is that you can use the powershell script given and modify it to more specifically suit your needs. Specifically, I'd make it log the information to a log file somewhere. If you're doing this for all computers on your network, you can use Group Policy to push the scripts out to every computer.
Assuming this is being done on Windows system then the best tool is USB Devices View from Nirsoft.
This tool lists all USB devices that have been plugged into a Windows system, the type of device, serial number and the time it was last plugged in or removed.
It's a good introduction too exactly how much information can be extracted from Windows logs too :)
