This action is suitable if the administrator only wants to protect the computer from virus or malware that might be exist in the removable storage. Deny execute access: Computer will not prevent users from transferring anything from/to the removable storage, but it will block users from opening programs and files stored in the removable storage.This action is suitable if the administrator only wants to protect confidential data in the computer from being copied out to a removable storage. Users will still be able to read contents in the removable storage. Deny write access: Computer will prevent all users transferring anything to the removable storage, but not the other way around.Administrator can use this if they want to completely restrict the usage of removable storage. It also effectively prevents users from transferring anything from/to the removable storage. Deny read access: Computer will totally block all users from reading contents in the removable storage.Note that there are three types of deny action that we can choose:
Usb block port portable#
Using Group Policy Management Console in Domain Controller, the way to configure this Group Policy is pretty straightforward as the settings has been provided the settings under Computer Configuration > Policies > Administrative Template > System > Removable Storage Access.Īs seen on the above screenshot, various settings for several device types has been preconfigured, such as removable disks (includes USB flash drive and external hard disk), WPD or Windows Portable Device (includes smartphone, music player, etc), CD and DVD, and even tape drives and floppy drives. The client PC is running Windows 10 and joined to a domain named, where the Domain Controller is installed on Windows Server 2012 R2. This scenario will demonstrate the way to completely block USB or removable devices in client PC.
Usb block port how to#
How to Block USB or Removable Devices using Group Policy This control can be the alternative to secure the network before implementing more complex security solutions like anti-virus or data loss prevention. Now if organizations wants to avoid such risks, IT administrator can always block USB or removable devices using Group Policy. There is also security reason, as sometimes people can put confidential data in these devices, which could easily be lost or stolen. The common reason is for sanity, as we know that these devices can be the media of virus and malware to spread.
There are reasons why USB or removable device usage typically banned in an organization.