How to use a Group Policy Object to block access to USB storage devices

In this modern era USB drives are more popular to transfer data from one PC to another. One of the reasons for popularity of the USB devices is they are the easiest devices that can be connected to your computer. USB drivers are portable and install automatically.

Some organizations don’t allow users to attach USB drives with their corporate systems.

How to disable USB devices using Group Policy

In this post we have a Domain Controller Windows Server 2016 R2 and client is Win10 Pro.  We will create Group Policy on domain controller and applying on domain level or specific OUs as per our requirement.

Create new OU “Block” and move the system you want to apply policy.

Launch Group Policy Management and go to Group Policy Objects

Right click the policy and click Edit.  This will open Group Policy Management Editor. Navigate to Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access.

Here list of policies will be shown if we want to block any specific device.

If you want to block all type of storage devices then we need to enable “All Removable Storage classes: Deny all access”.

The GPO has been created and need to apply to specific OU.

Select USB and click Ok

Go to the system you applied GPO and run gpupdate or reboot the PC. Usually computer based policies requires a reboot.

Login and verify that USB has been blocked.

Apply gpupdate /force. Connect any USB device to the computer and you should see the message as Access is denied. This policy will prevent the users to access any removable storage media.

Leave A Comment

Your email address will not be published. Required fields are marked *