Disabling removable devices

by Mitch Tulloch [Published on 1 Aug. 2006 / Last Updated on 1 Aug. 2006]

How to prevent USB devices and other removable devices from being installed in Vista.

USB storage devices have been a security concern since shortly after they first appeared in the marketplace. Admins often fear users could use these devices to remove sensitive information from work machines in violation of company policy, and as a result they've sought out third party solutions for preventing removable storage devices from working on Windows systems. Of course, as various security experts have pointed out, nothing can stop the determined individual--they could always wheel in a photocopier and put their monitor face down on the copier to steal data that way! Still, it's good that in Vista you now have an option to prevent removable devices from working. To do this, you configure local Group Policy as follows: 1. Type gpedit.msc in the Start Search box and hit Enter.

2. Click Continue when the UAC prompt appears.

3. Navigate to the following policy location:

Computer Configuration\Administrative Templates\System\Device Installation Restrictions

4. Enable the following policy setting:

Prevent Installation of Removable Devices

This will prevent all removable devices from being installed on your system. It will also prevent previously installed removable devices from being able to have their device drivers upgraded.

Cheers,
Mitch Tulloch, MVP
http://www.mtit.com

Featured Links