Disable removable drives using GPO

Windows Server,printer,hp,hp deskjet,kms,backup,notification area,update,wsus,illegaltag,printer port,scheduled task,root hints,installation file missing,spoolsv.exe,installer error,iis6,home server,print drivers, print spooler,windows update,metro apps,auto-login,standalone installer,iis6,ie11 compatibility view

Here’s how you can easily disable use of external or removable drives using Group Policy in your Active Directory environment.

First we need to create a new policy and link it to the Organizational unit.

Now edit the newly created policy and navigate to:

Computer Configuration | Administrative Templates | System | Removable Storage Access

In the right pane open the “All Removable Storage classes: Deny all access” setting.

removable drives

Set the policy to “Enabled

Since this is a Computer configuration policy it should be applied to a computer containter.

On the other hand if you would like to apply this policy to a user containter you will have to enable Group Policy Loopback processing mode policy setting to be able to apply this policy on a user container.

In this case policy will be applied to all computers/users in that container.

To filter out users or computers that should not receive this policy, go to Delegation tab/Advanced setting and select desired Active Directory Security group and select Deny checkbox under “Apply group policy” setting.

All users/computers that are members of this Active Directory Security group will not get this policy applied.

You can also think about using a third-party solution like the Device lock which is great since you can filter usage of USB removable drives on a Hardware ID base. It also integrates with Active Directory.

You can also monitor files that are being copied from and to USB removable drives.
http://www.devicelock.com/

Comments are welcome!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × one =