Disable removable drives using GPO

Windows Server,printer,hp,hp deskjet,kms,backup,notification area,update,wsus,illegaltag,printer port,scheduled task,root hints,installation file missing,spoolsv.exe,installer error,iis6,home server,print drivers, print spooler,windows update,metro apps,auto-login,standalone installer,iis6,ie11 compatibility view

Here’s how you can easily disable use of external or removable drives using Group Policy in your Active Directory environment.

First we need to create a new policy and link it to the Organizational unit.

Now edit the newly created policy and navigate to:

Computer Configuration | Administrative Templates | System | Removable Storage Access

In the right pane open the “All Removable Storage classes: Deny all access” setting.

removable drives

Set the policy to “Enabled

Since this is a Computer configuration policy it should be applied to a computer containter.

On the other hand if you would like to apply this policy to a user containter you will have to enable Group Policy Loopback processing mode policy setting to be able to apply this policy on a user container.

In this case policy will be applied to all computers/users in that container.

To filter out users or computers that should not receive this policy, go to Delegation tab/Advanced setting and select desired Active Directory Security group and select Deny checkbox under “Apply group policy” setting.

All users/computers that are members of this Active Directory Security group will not get this policy applied.

You can also think about using a third-party solution like the Device lock which is great since you can filter usage of USB removable drives on a Hardware ID base. It also integrates with Active Directory.

You can also monitor files that are being copied from and to USB removable drives.

Comments are welcome!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.