To prevent users from connecting to USB storage devices by group policy

1- If a USB storage device is already installed on the computer:

  • Click StartAll programs - Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects
  • Expand Computer ConfigurationPreferencesWindows Settings.
  • Right click RegistryNewRegistry Item.

General Tab

  • Action : Update
  • Hive : HKEY_LOCAL_MACHINE
  • Key path : SYSTEM\CurrentControlSet\Services\UsbStor
  • Value name : Start
  • Value type : REG_DWORD
  • Value data : 00000004

Notes:
- You can apply this method on User Configration too.
- You can revert this method (1) by change Value data : 00000004 to Value data : 00000003

 

 

2- If a USB storage device is not already installed on the computer:

  • Click Start - All programs – Administrative Tools – Group Policy Managment.
  • Create or Edit Group Policy Objects
  • Expand Computer ConfigurationPolice - Windows Settings – Security Settings .
  • Right click File System- Add file or folder.

Browse to this file

  • %SystemRoot%\Inf\Usbstor.pnf
  • assign the user or the group and the local SYSTEM account Deny permissions.

Browse to this file too

  • %SystemRoot%\Inf\Usbstor.inf
  • Assign the user or the group and the local SYSTEM account Deny permissions.

 This article was originally posted at http://mabdelhamid.wordpress.com/2011/09/10/how-can-i-prevent-users-from-connecting-to-a-usb-storage-device-by-group-policy/