Allow Only Specific USB Storage Devices in your Organization Using Group Policy - Untold.IT


Post Top Ad

Wednesday, January 22, 2020

Allow Only Specific USB Storage Devices in your Organization Using Group Policy

Allow Only Specific USB Storage Devices in your Organization Using Group Policy

Allowing specific USB Storage Devices can be done using third party applications like AV software. One option is to set this restriction using the Group Policy that can be applied to a certain OU in the organization.

Identifying the USB Storage to be allowed

1.      Plug in the USB storage device that you want to allow in your desktop or laptop with Windows OS
2.      Open “Run” and type “devmgmt.msc” to access the Device Manager

3.      On the Device Manager go to “Disk Drives” and right click on the USB storage and select “Properties”.

4.      Navigate to “Details” and select “Device Instance Path” from the drop-down menu.

5.      Copy the “Value

Configuring the Group Policy

1.      In Active Directory Server, navigate to “Group Policy Management”

2.      In this scenario, we will edit the currently applied group policy in a certain OU. Right click on the policy and select “Edit”.

3.      Navigate to “Computer Configuration” > “Administrative Templates” > “System” > “Device Installation” > “Device Installation Restrictions” and select “Allow installation of devices that match any of these Device IDs

4.      Select “Enabled” and click on “Show”

5.      Add the Value we have copied previously. Click on Ok and Apply.

After configuring the policy, it will be displayed in the Group Policy Manager Settings

Controlling USB Devices That Have Already Been Installed

For this scenario, one option is to uninstall the USB drive, which will put the computer in the state of not having the USB drive installed.

Steps to Safely Cleanup and Remove old USB Mass Storage Drivers on your PC:

1.      Shut down your computer. Unplug your USB storage devices: USB Disks, flash, cams, CD/DVD, etc. as well as your USB hubs
==> Other USB devices like keyboards, mice and LAN adapters can stay plugged in
2.      Boot computer back up
3.      Download, unzip and save to your desktop. Move the 32 or 64 bit version (Depending on your Windows OS) of DriveCleanup.exe to C:\Windows\System32

Download drivecleanup here:

4.      Open an elevated command prompt window:
5.      In the command prompt enter: drivecleanup.exe
==> Your output should be similar to my example below.
==> If, instead, you get an error message like Command not recognized it means you didn't move Drivecleanup.exe to the right directory
       6.   Reboot. Now just re-plug your devices for fresh clean device reinstalls.


  1. Thank you so much for this it could really helps my when i put the usb in my laptop it show virus but now i think this post can helps me out thanks for sharing this hoping to see more posts like this.
    Dictionary Global

  2. The drawbacks are that the will can be challenged or changed which might influence the planned result of providing for charity.

  3. "Proper warehouse storage techniques can significantly reduce the risk of damage to products and materials." Minilager Oslo

  4. "When considering an exchange or return, it's crucial to check the condition and original packaging of the item, as some policies may require items to be in like-new condition." Hassle-free returns with top retailers

  5. A field-effect transistor (FET) is a three-terminal semiconductor device used for amplification and switching.
    Lenovo yoga c940 charger


Post Top Ad