Devices in company networks often represent the USB removable devices as a threat, through which viruses, malware or spyware infections occur again and again. For this reason, it is often desirable to prevent all installations of removable devices .
Microsoft offers a special group guideline for this, with which you can prevent the installation of USB removable devices or removable drives or USB sticks.
You can find the necessary GPO for this in the group policy editor under the following path
Computer configuration / Administrative templates / System / Device installation / Device installation restrictions
In this GPO area you will find the following group guidelines
Prevent installation of removable devices
This looks like this in the GPO editor.
If you now activate this GPO, Windows prevents all users of this computer from installing removable devices .
Microsoft also provides the following information about this GPO.
You can use this policy setting to prevent removable devices from being installed. A device is considered a removable device if the driver for the device to which it is connected indicates that the device is removable. A USB device (Universal Serial Bus, z. B. reported by the drivers for the USB hub to which it is connected as a removable device. This policy setting takes precedence over any other policy setting that allows you to install a device.
If you enable this policy setting , removable devices can not be installed and the drivers of existing removable devices cannot be updated. If you enable this policy setting on a terminal server , this affects the redirection of removable devices from a terminal service client to the terminal server.
If you disable or do not configure this policy setting , removable device drivers can be installed and updated if other policy settings allow it.
Incidentally, the changes only become active after a Windows restart .
This GPO is therefore a useful means of preventing the installation of any USB removable drives.
If you are interested in other useful GPOs , we recommend the following posts here on Windows FAQ.
– Set desktop background centrally using group policy – Update group policies using
a command on a Windows client
– Hide all desktop
icons using group policy (GPO) – Disable autoplay using group policy – Allow
remote desktop connections using a group policy
– Group policy for Windows 10 Start menu ” Run as another user”