User based group policy for Blocking USB devices in domain environment

    Question

  • Hi Team,

    Is there any option to block USB devices using user-based group policy?

    Or

    any other suggestions?

    Thanks in Advance

    NTRao


    • Edited by NTRao Thursday, September 03, 2015 5:06 AM
    Thursday, September 03, 2015 5:02 AM

All replies

  • Hi,

    Thanks for your post.

    You may refer to the article: Managing Hardware Restrictions via Group Policy
    http://www.microsoft.com/technet/technetmag/issues/2007/06/GroupPolicy/default.asp

    Please check the group policy related to removable storage device settings.
    Computer Configuration-->Policies-->Administrative Templates-->System-->Removable Storage Access
    User Configuration-->Policies-->Administrative Templates-->System-->Removable Storage Access

    It specifies read and write permissions on all kinds of removable storage devices.

    Computer Configuration-->Policies-->Administrative Templates-->System-->Device Installation-->Device Installation Restrictions

    With device installation restrictions, the installation of removable storage devices will be totally under control.

    In addition, you may also read the articles for a step-by-step introduction.

    https://www.petri.com/disable_usb_disks_with_gpo

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,
    Mary Dong




    Thursday, September 03, 2015 6:21 AM
    Moderator
  • Hi Mary Dong,

    I have hundreds of systems in my organisation; for that I'm trying to deploy a script to block

    If I change the registry setting USBSTOR > Start to 4, it just blocks flash drives but not mobile devices

    and my second option is local GPO: I changed local GPO settings (Computer Configuration > Administrative Templates > System > Removable Storage Access > All Removable Storage classes: Deny all access > Enable)

    This option is working fine,

    but I wanted to deploy GPO as a script

    Please advise me on this.

    NTRao

    Friday, September 04, 2015 11:23 AM
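
One way to script the "All Removable Storage classes: Deny all access" setting as a domain GPO, for both the Computer and User Configuration paths named in the first reply. This is an added example, not part of the original thread; it uses the GroupPolicy PowerShell module (RSAT/GPMC), and the GPO name and OU path are hypothetical placeholders.

```powershell
#Requires -Modules GroupPolicy
# Added example. GPO name and OU path are hypothetical placeholders; adjust before use.
param(
    [string]$GpoName  = 'Block-Removable-Storage',            # hypothetical GPO name
    [string]$TargetOu = 'OU=Workstations,DC=example,DC=com',  # hypothetical OU
    [ValidateSet('Computer', 'User', 'Both')]
    [string]$Scope    = 'Both'
)

# Registry-policy location behind "All Removable Storage classes: Deny all access".
$subKey = 'Software\Policies\Microsoft\Windows\RemovableStorageDevices'

# HKLM writes the Computer Configuration side of the GPO, HKCU the User side.
$hives = switch ($Scope) {
    'Computer' { 'HKLM' }
    'User'     { 'HKCU' }
    'Both'     { 'HKLM', 'HKCU' }
}

# Reuse the GPO if it already exists so the script is safe to re-run.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Deny all removable storage access'
}

foreach ($hive in $hives) {
    Set-GPRegistryValue -Name $GpoName -Key "$hive\$subKey" `
        -ValueName 'Deny_All' -Type DWord -Value 1 | Out-Null
}

# Link the GPO to the OU unless a link is already present.
$linked = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Read the values back from the GPO to confirm what clients will receive.
foreach ($hive in $hives) {
    Get-GPRegistryValue -Name $GpoName -Key "$hive\$subKey" -ValueName 'Deny_All' |
        Select-Object FullKeyPath, ValueName, Value
}
```

Clients apply the setting at the next Group Policy refresh. Unlike setting the USBSTOR Start value to 4, this policy covers all removable storage classes, which is the behaviour the local GPO test in the thread reported as working.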