Hi Ravindra,
GPO would work for your scenario if you have a “whitelist” which listed the IDs of encrypted USB Storage devices. Each USB device has a unique ID which the OS uses to determine which type of device it is. After obtaining the USB devices’
ID list, then you could set policies in Windows to restrict which device IDs are allowed to connect.
The following article describes the detail steps about how to get the USB devices’ ID and which group policy to be configured based on different requirements, please take a look:
Step-By-Step Guide to Controlling Device Installation Using Group Policy
https://msdn.microsoft.com/en-us/library/bb530324.aspx#grouppolicydeviceinstall_topic3c
If you have not the whitelist, I would suggest you turn on BitLocker for users, and then you will find the related group policy settings which enable you to deny write access to drives not encrypted with BitLocker and to deny write access
to encrypted drives that don't belong to your organization. Please see the detail group policy settings from :
https://technet.microsoft.com/en-us/library/jj679890.aspx
Regards,
Wendy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
