none
How to assign WPD FileSystem Volume Driver to Approved Device list RRS feed

  • Question

  • Hi All,

    I want to block all USB devices except for one model external HDD.

    Following this document I created these policies:

    Computer Configuration\Administrative Templates\System\Device Installation\ Device Installation Restrictions

    Enabled:

    • Allow administrators to override Device Installation Restriction policies
    • Prevent installation of devices not described by other policy settings
    • Allow installation of devices that match any of these device IDs

    In the last policy I entered the Hardware ID of the allowed external HDD.

    Now, when I insert an HDD, the hardware driver for the approved drive is indeed installed and all others are not.

    But on the approved drive I receive an error that installation of the “WPD FileSystem Volume Driver” is blocked by the policy and the filesystem on the disk is still not accessible.

    This driver does not show a Hardware ID.

    How can I add this driver to the approved hardware list?

    Thanks for your replies!

    Regards, Johan

    Thursday, July 18, 2019 7:57 AM

All replies

  • Hi, 

    As you said the driver not show a hardware ID, how did you check it's hardware ID?

    Please go to device manager and find the WPD file system volume driver under portable devices, right click it and choose properties, go to details and check "class GUID" under the property of the driver. Then type the GUID to group policy "Allow installation of devices that match any of these device IDs"

    Bests, 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 19, 2019 8:46 AM
    Moderator
  • Hi Joy-Qiao,

    Thanks for your reply!

    I checked for the hardware ID in Device Manager at the same place as for the disk it self.

    I have added the "class GUID", but now I get an "access denied" error instead of "forbidden" when I use a locked user account.

    I'll do some further trouble shooting next Monday...

    Thanks for your help so far!

    Regards, Johan

    Friday, July 19, 2019 2:32 PM
  • Hi Johan, 

    We need to use administrator account to configure group policy settings. 

    Switch with admin account and try to check it again.

    Bests, 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Saturday, July 20, 2019 8:20 AM
    Moderator
  • I did apply the GPO with my admin account.

    The "access denied" error appears when the locked user connects the approved device.

    Thursday, July 25, 2019 11:14 AM
  • Hi, 

    Does the error message show forbidden before you configure WPD driver class GUID?

    Please export the group policy with command line "gpresult /h c:\gp.html" as administrator and upload the file to One Drive, then paste the link here. 

    Also please create a capture for appeared error message and paste here.

    Bests, 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sunday, July 28, 2019 1:07 AM
    Moderator